PwC: Geography can affect your cyber threat profile
Geography can affect your cyber threat profile, according to a new report from consultants PwC.
“Undoubtedly geography can have an effect on an organisation’s cyber threat profile,” says report author Louise Taggart, Threat Intelligence Manager, PwC UK.
“For example, operating in the critical national infrastructure of a foreign country with a high level of state involvement could make an organisation a strategically attractive target for espionage activity. Another contributing factor could be joint business relations with a state-owned entity, leading to increased scrutiny in the form of cyber espionage campaigns,” said Taggart.
The report, Why geography matters in cyber security, addresses the questions raised by many PwC clients who ask; What is the cyber threat level in country A or B?
“These questions may be driven by the fact that cyber security is seen through the same lens as other operational risks that businesses have traditionally faced,” states the report. “These might include physical threats such as terrorism or political violence; political risks such as expropriation of assets or government credit risks.”
The report states that having operations in a country could make an organisation a target for hacktivist activity if that country were exposed to negative news or accused of autocratic or anti-democratic actions.
“Cyber security considerations, however, don’t necessarily fall into the same country-specific silos as other types of operational or business risk,” said Taggart.
“Many of the sophisticated threat actors we track – particularly those motivated by espionage and therefore seeking access to sensitive or confidential information - often look for the easiest way into an organisation’s network, rather than targeting a specific country per se.
Cyber threats should therefore certainly be treated as being more ‘geographically agnostic’ than other risks that a business is also likely to be tracking.”
The report stresses that just because a campaign is targeting a particular country it doesn’t mean this will be the case in the next two months or the next two days as targeting may be constantly evolving, depending on tasking priorities.
How an operational presence affects your cyber threat profile
According to PwC, having an operational presence in some countries will undoubtedly affect your organisation’s cyber threat profile.
“However, it is important to recognise that frequently, cyber threats do not manifest in the same way as other operational risks that are much more specific to a single geography,” said Taggart.
“Viewing cyber security purely through the same geographic lens as that used for monitoring other operational risks does not allow for a nuance in tracking threat actors that are not motivated by geography but by myriad other - often complex - factors.”
Click on the link below to sign up for cyber security updates from PwC.
For more information on business topics in Europe, Middle East and Africa please take a look at the latest edition of Business Chief EMEA.
