How does the geopolitical climate affect how you approach cybersecurity?

The geopolitics of technology and data is a top risk affecting companies across all sectors and geographies.
(1) Cyber Security Risk
(2) Industrial Policy Risk
(3) Changing Technology Regulations
(4) Increasing Geostrategic Competition

In my opinion there's no doubt that the Ukraine Russia war will have a big impact on cybersecurity. We will definetly witness political espionage and sabotage leading to a worldwide cyberwar.

There’s been a convergence of information warfare and cybersecurity. There's such a high degree of politicization around vulnerabilities, the role of cyberspace in international relations and stability in general. From a CISO or defender standpoint, it boils down to being able to be very confident about the things that you can say with certainty, and then being as comfortable as possible with being transparent about the rest of it. At that time, your truth doesn't need to be at war with itself and you don't want to get sucked into information warfare.

When I'm talking to folks in the military, defense and even political leadership, I explain that cybersecurity is its own domain, but it's also a theme that ties everything together. It's not just one or the other. The ability to stoke fear over cyber war is itself a risk at this point because it's so ubiquitous and misunderstood. As a CISO, what are you doing to defend? What are the controls that you can use? If Reuters knocked on your door and said, "Russia says that they've owned your staff," how do you respond to that as a theoretical exercise from a communication standpoint, and not just a technical cybersecurity issue?

The impact of the geopolitical climate is huge for us because we're getting a lot of attention from utility and infrastructure companies that want to protect their OT environment. They're getting hit with cyber attacks, ransomware, etc., and are talking to a lot of companies that can't take care of what they need to protect. You can get all the software you want, but you can't install it on industrial control systems. For two years we've been preaching that you need to micro segment everything in your environment so ransomware doesn't spread and things don't get shut down. People are finally waking up, so I hope we get to every critical infrastructure organization in the country and help prevent these attacks. I don't know what they will look like in the future but going forward, all wars will be cyber wars, so we need to get better at defending.