In recent years, geopolitical events have had a significant impact on cyber threats. From the COVID-19 pandemic to the war in Ukraine, these events have created new opportunities for attackers and have made it more difficult for organisations to defend themselves.
Geopolitical events have a significant influence on what Cyber Threat Intelligence (CTI) teams focus on to inform cybersecurity posture and risk mitigation strategies. From conflicts and pandemics to elections and nation-state agendas, cyberattacks often begin with or follow those narratives as the modern way of weaponising geopolitical events and quickly making a big impact.
For example, the COVID-19 pandemic has led to an increase in cyberattacks targeting healthcare organisations. The war in Ukraine has resulted in an increase in cyberattacks targeting Ukrainian and Russian organisations. And the upcoming US midterm elections are likely to cause an increase in cyberattacks targeting political campaigns and government agencies.
As a result, there is a growing need for organisations to integrate geopolitical intelligence into their cyber threat intelligence programmes.
What is geopolitical intelligence?
Geopolitical intelligence is information about the political, economic and social factors that shape the world. This information can include data on government policies, economic trends, social unrest or reactions to events and military movements.
Geopolitical intelligence can help CTI teams understand the context of these events and their link to an organisation or country’s economic stability, operations, supply chain, people and assets. It allows them to identify potential threats and even get a head start on future incidents. For example, if a CTI team knows that a country is experiencing political unrest, they can be on the lookout for cyberattacks targeting that country’s infrastructure or government agencies.
The challenge with geopolitical intelligence
The challenge with geopolitical intelligence is that even formal, dedicated intelligence teams lack the bandwidth to focus on this more forward-looking form of intelligence – focusing instead on more directly actionable cyber threat intelligence, and where appropriate, physical security intelligence. These teams are busy allocating their resources towards activities such as blocking IOCs, patching vulnerabilities, adding more security personnel at events and so on.
This results in teams’ fire-fighting requests to investigate mainstream news hype around geopolitical events that stakeholders are concerned about. However, without the data needed to analyse, validate and produce actionable intelligence, it becomes challenging for senior leaders to act, or prevent an overreaction when the threat is unlikely to impact the organisation or location in question.
How can geopolitical intelligence be integrated into cyber threat intelligence programmes?
There are a number of ways to integrate geopolitical intelligence into cyber threat intelligence programmes. One way is to use a geopolitical intelligence platform. These platforms provide access to finished intelligence reports collated by analysts to include analysis of key events and forecast outlooks for specific countries, and can also include aggregated data from organisations and think tanks around the world.
Another way to integrate geopolitical intelligence into a more holistic intelligence programme is to utilise a platform that connects geopolitical intelligence, cyber threat intelligence and physical security intelligence in one place to enable the monitoring of threats across multiple vectors. Look out for platforms able to collect and aggregate data from open source, dark web messaging and forums and finished intelligence providers to get the best blend of verified intelligence with real-world accounts and discussions to arrive at the most accurate conclusions.
How Silobreaker helps with geopolitical intelligence
At Silobreaker, we know that the intelligence needed to combat these threats will always cross data silos, so we got rid of them. Our data source-agnostic platform brings together open source, deep and dark web sources and finished intelligence in one place. That means CTI teams tasked with maintaining the visibility of vulnerabilities one minute, and the supply chain risk of semi-conductors from China the next, can move faster to answer those intelligence requirements.
To enhance our geopolitical event coverage even further, we’re proud to announce the integration of RANE Enterprise Geopolitical Intelligence into the Silobreaker platform, allowing teams to combine RANE analysis, forecasts and country risk ratings with open-source content to deliver enhanced intelligence, gain objective insights and model the what-if scenarios needed for strategic decision-making. This integration provides three key benefits for intelligence teams and stakeholders.
Intelligence requirements involving geopolitical factors can be complex, unique to your operations and require multiple sources. When you need to verify and validate news and information, Silobreaker allows you to build intuitive queries combining unstructured data from social media, local media and Telegram chats (the noise of the internet), and use machine learning and analytics to monitor changes in risk and verify reports against finished intelligence produced by RANE’s team of expert threat intelligence analysts. This combination ensures higher-quality intelligence for all stakeholders.
Making the most of data investments for intelligence production is critical for teams, but no one has the time to read every report issued by their vendors to understand what is relevant to an investigation or stakeholder intelligence requirement. That’s why Silobreaker does the reading for you to help get relevance from data at scale and make the most of every investment. Silobreaker’s In Focus view provides a quick summary of RANE reports, identifying a range of entities including countries, organisations, incidents, violent groups and more. This can help you pivot to related content or filter search results by these entities instantly, so you can focus your research on the most relevant content.
One of the first tasks in understanding the risk to your organisation in a particular country or region is to access country risk – both from the point of view of where it’s been historically and will be in the future. RANE country risk indicator scores, trends and outlooks provide access to tangible, curated and validated information that is incredibly useful to risk assessment and forming mitigation strategies.
The Silobreaker intelligence platform helps you assess those country risks even faster – and from any source – whether a RANE report, Tweet, forum post, Telegram chat or local news article. By combining RANE risk scores with Silobreaker’s entity detection and customisable country watch lists, organisations can evaluate country risks even more comprehensively. The Silobreaker Relevance Engine can automatically detect and highlight country names in any open-source, deep and dark web, or finished intelligence provider content. Simply hover over the country name to view quantitative ratings of a country’s geopolitical, political and security risk factors.
This integration will be a game-changer for CTI teams looking to get ahead of the curve on emerging threats. With Silobreaker and RANE, you can gain the context and intelligence you need to make informed decisions about your cybersecurity posture and protect your organisation from the latest threats. To learn more about how Silobreaker and RANE can help you improve your cybersecurity posture, visit our website.
How to get started with geopolitical intelligence
If you’re interested in getting started with geopolitical intelligence, there are a few things you can do:
1. Identify your needs: What do you or your stakeholders need to know about geopolitical events to improve your cybersecurity posture?
2. Find a reputable source: There are a number of companies that offer geopolitical intelligence. Do some research to find a source that meets your needs, one that gives you the visibility you need across finished intelligence and open internet content, one that can help you make sense of the data and is credible.
3. Use the information wisely: Geopolitical intelligence can be a valuable tool, but it’s important to use it wisely. Don’t overreact to every threat but understand the relevancy to your operations and the potential impact an event could have to accurately inform stakeholders to take steps to mitigate risk.
To learn more about how Silobreaker can help you make sense of geopolitical intelligence – and connect events to your operations and supply chain and the whole threat intelligence cycle process in a single platform, from data collection to analysis, intelligence production and reporting – schedule a discovery call today.