Subj : As political violence man
To   : All
From : Mike Powell
Date : Fri May 16 2025 08:49 am

As political violence manifests through cyber attacks, companies must prepare

Date:
Thu, 15 May 2025 14:27:56 +0000

Description:
"Old vs. new tech," reliance on technology, geopolitical instability increase
cyber threat, according to Allianz.

FULL STORY
======================================================================

The Allianz Risk Barometer, an annual report detailing the risks businesses
are most concerned about for the year ahead, has seen companies rank
political risks and violence as a top 10 global risk for the past three
years. Businesses' concerns have been exacerbated by 2024's record-breaking
number of elections, the developing conflict in the Middle East, and ongoing
war in Ukraine.

The negative impact of political violence on companies can manifest in many
ways, from endangering employee and customer safety to operational
disruptions caused by material damage to premises or assets. As technology
advances, uncertainty grows, and political tensions remain high around the
world, businesses must consider their vulnerabilities, particularly in the
cyber realm.

According to Allianz Commercial's new Political Violence and Civil Unrest
Trends 2025 report, cyber breaches represent one important way that political
violence activity can impact businesses. This year's report identified a key
trend: that new tech versus old tech has increased the threat of rogue
state-triggered damage and disruption, alongside increased reliance on
technology around the world and ongoing instability in the geopolitical
landscape. Addressing areas of vulnerability will be essential as companies
grow operations in an increasingly volatile cyber environment.

New tech, new threats

Advances in technology and global connectivity have increased production and
dissemination of misinformation and disinformation. To sow discord, Advanced
Persistent Threat (APT) actors, which are usually sponsored by rogue nations
or organizations, leverage cyber-attacks to disseminate false information,
using techniques such as manipulated online news platforms and compromised
social media accounts to instigate real-world events such as aggravating
political polarization, promoting social unrest and riots and undermining
democratic elections.

APT groups often engage in sophisticated cyber espionage, such as in the case
of the Southport attacks and subsequent far-right riots during 2024 in the
UK, which spread disinformation and caused social disruption.

Increased digital reliance and geopolitical instability are also heightening
the risk of cyber-attacks that inflict physical harm at the same time.

Exposures in critical infrastructure

Critical infrastructure, including energy, transportation, and manufacturing,
faces growing vulnerability to disruptions, equipment damage, and threats to
human safety via cyber means.

To manage physical processes at these large installations, complex Industrial
Control Systems (ICS) or operational technology (OT) systems are used for
control and monitoring purposes. Typically, these systems are legacy in nature
and have obsolescence issues. That means they are vulnerable to attacks that
can disrupt physical processes, which can lead to potentially hazardous
scenarios. For example, in refinery operations, manipulation of ICS and safety
systems can lead to catastrophic fires and explosions and can cause major
environmental damage due to hydrocarbon releases.

Utility companies, too, depend extensively on OT systems. The prevalence of
outdated, internet-unsecured devices within such networks poses a major
security challenge due to infrequent updates. The utility sector's cyber
security weaknesses render it highly vulnerable. Exploiting
internet-accessible OT and ICS devices, including those in the wastewater and
water sectors, could affect millions of people, with potentially severe
consequences for public health and safety.

The vulnerability of transportation systems to cyber threats also raises
critical concerns regarding the potential for cyber-physical attacks to cause
tangible damage. While modern aircraft possess strong security protocols,
vulnerabilities within airport infrastructure, including baggage handling and
air traffic control, present a tangible risk of physical damage stemming from
cyberattacks. Cyber-attacks targeting other transportation infrastructure
also pose a significant risk of physical damage, with disruptions to
signaling systems capable of triggering collisions or derailments. In August
2023, a cyber-attack on Poland's railway system, where hackers manipulated
unsecured radio signals to activate emergency train stops, demonstrates the
susceptibility of outdated infrastructure to digital threats.

Addressing cyber vulnerabilities

Assessing the robustness of cybersecurity for key infrastructure demands a
multi-faceted approach. Companies should engage with their insurance
providers through cyber risk dialogue to discuss potential threats to the
industry, as well as the insured's weaknesses in people, technology and
processes. Beyond traditional IT defenses, evaluations also include
scrutinizing vulnerabilities, including legacy systems which are often
ill-equipped for modern cyber threats, as well as an end-to-end assessment of
the insured's value chain.

Key weaknesses often reside in unpatched, poorly secured legacy systems, and
the convergence of IT and OT networks. Supply chain vulnerabilities,
inadequate incident response plans, and a lack of robust security awareness
training further exacerbate these risks. Human error, particularly in access
management and patching protocols, remains a significant entry point for
malicious actors.

The convergence of Artificial Intelligence, social media, phishing, and
Business Email Compromise attacks creates a potent and evolving threat
landscape. These technologies are being weaponized to create more convincing
and effective cyber-attacks.

How an organization will recover and maintain critical functions during and
after a disruption is key. A robust business continuity plan encompasses a
business impact analysis to pinpoint critical functions, defined recovery
strategies and procedures, clear communication protocols, reliable data
backup and recovery systems, flexible alternative work arrangements, and
regularly conducted testing and exercises. Comprehensive audits encompass
physical security, incident response protocols, and supply chain resilience.
Regular penetration testing and threat intelligence integration are also
crucial for identifying and mitigating emerging risks, ensuring the
continuous protection of essential services.

This article was produced as part of TechRadarPro's Expert Insights channel
where we feature the best and brightest minds in the technology industry
today. The views expressed here are those of the author and are not
necessarily those of TechRadarPro or Future plc.

======================================================================
Link to news story:
https://www.techradar.com/pro/as-political-violence-manifests-through-cyber-attacks-companies-must-prepare

--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)