British businesses are being dragged into cyber wars they never signed up for
Why global cyber conflict is now a business risk
Most businesses don’t think of themselves as targets in a geopolitical conflict.
They’re not getting involved in making foreign policy decisions or building weapons systems. They’re just running their business.
But in the current threat environment, that distinction is becoming ever more irrelevant.
State-aligned threat actors are working through supply chains, exploiting business relationships and targeting the technology that organisations depend on every day.
That brings us to the current conflict. When a state is under military or diplomatic pressure, intensified cyber operations almost always follow, pulling in allied nations. Iranian state-led espionage is causing huge concern for US partners such as the UK.
The Handala-led attack on the Stryker Group – targeted because of its Israeli acquisitions and role as a major medical supplier – affected organisations in the US, UK and Ireland.
Additionally, MuddyWater and other Iranian Advanced Persistent Threat groups, such as OilRig, APT33 and Agrius, are disrupting day-to-day operations in organisations to create wider economic risk.
And it is not just Iran. North Korean threat actors also compromised the Axios NPM package, a widely used piece of JavaScript infrastructure reportedly found in as many as 80% of cloud environments around the world. One supply chain breach became a global risk multiplier, with businesses unknowingly running malicious code inside their own environments.
So how do organisations prepare for risks that may begin far beyond their own borders?
Detection is becoming harder. Threat actors are finding ways to obscure their activity and blend in with normal user behaviour, often using legitimate system tools to carry out malicious activity. This often makes early warning signs easier to miss.
Businesses need to look beyond detection alone and understand what threat actors are doing right now, what their campaigns are targeting and whether the technologies they own or use could put them at risk. But they also need to respond to incidents quickly.
External subject-matter experts and the threat intelligence they provide will become much more important, particularly for organisations trying to understand fast-moving risks linked to geopolitical tension. Incident response capabilities will also enable the right calls to be made under pressure, whether it’s an email compromise or a nation-state threat.
Long-term resilience is now about more than bringing systems back online after an incident. Organisations can be targeted again. The real aim is to reduce the risk of repeat attacks and make the business better prepared each time.
Access to expertise will be vital to raising the bar across both individual businesses and the cyber security industry more widely. No organisation can address this challenge in isolation. By working more closely together, businesses and cyber security experts can better prepare for threats that may begin far beyond their own borders.
Christopher Clark is the Cyber Security Incident Response Team Director at Thrive.
LBC Opinion provides a platform for diverse opinions on current affairs and matters of public interest.
The views expressed are those of the authors and do not necessarily reflect the official LBC position.