Managing Data Exposure in an Era of Geopolitical Risk

Geopolitical instability has redrawn the corporate risk map. For leaders, the question is no longer whether their data will be targeted, but whether they will recognize it in time.

    Digital space has quietly become a new front line. What once felt like tools of convenience—data, platforms, algorithms—are now being repurposed in ways that shape conflict itself. It’s no longer just about surveillance or censorship; it’s about how personal data is collected and used to influence, control, and, increasingly, exert power at scale.

    The global cyberattack landscape has moved away from solely financially motivated operations to geopolitically driven ones. Hence, data is increasingly treated as a national asset that must be protected.

    The shift demands a fundamental rethinking of how organizations assess data risk. A customer database, a workforce roster, and an authentication credential are no longer just compliance issues. In the context of conflict, they are operational assets for adversaries.

    Eliad Kimhy, Senior Security Researcher at Acronis, says, “The credentials that, under normal circumstances, would allow an attacker to deploy ransomware in a local bank or power station, can be used during conflict to disable those very institutions as a disruption to critical infrastructure. The same information can be used to track or reach high-value targets, expose locations of sensitive civilian and military infrastructure, identify supply lines, and more.” 

    Information collected through phones, compromised surveillance systems, and technology companies can serve as intelligence arms during warfare. 

    “This data, available due to compromised infrastructure, may be stolen, obtained legally, or offered outright for weaponization. It only needs to be correlated, enriched, and operationalized to track movements, activity, and personal associations,” says Morey Haber, Chief Security Advisor at BeyondTrust. 

    Cyber operations serve as tools of diplomacy, influence, and psychological destabilization, says Ivan Milenkovic, Vice President, Cyber Risk Technology, EMEA at Qualys. He points out that the Middle East provides a vivid illustration of digital anomalies in this escalation dynamic. “Following intense military engagements between Israel and Iran in mid-2025, there was a 700% observed surge in cyberattacks across the region,” notes Milenkovic.

    Attacks can intensify when malicious actors deploy malware to permanently delete data, rendering systems unrecoverable. At the same time, massive distributed denial-of-service (DDoS) attacks can flood public platforms with fraudulent traffic, blocking real users from getting access.

    Targeted attacks on civilian infrastructure like power grids, hospitals, and public apps can disrupt society as a whole. “The nature of these attacks underscores a shift towards disruption and destruction,” adds Milenkovic.

    Milenkovic says during conflicts, the distinction between professional intelligence apparatuses and amateur hacktivists blurs, “creating an unpredictable environment where civilian infrastructure bears the brunt of the assault.”

    Entry Points 

    There are many ways for attackers to gain access to systems. Public data is crucial because it can disrupt civilians’ daily lives. If this data is compromised or shared, it can become the weakest link and even put military authentication at risk. Attackers often find it easier to target civilians through the services they use, and then use that information to compromise military identities.

    Credentials and personally identifiable information (PII) are consistently among the most valuable. Kimhy explains, “Credentials, because they provide an adversary with an opportunity to attack a civilian company or institution, or in some cases, use those companies as assets to complement a military objective. 

    “PII is valuable because it helps connect individuals to organizations, relationships, and locations. This makes it useful for identifying high-value targets or understanding how different entities are linked. In addition, attackers often combine this with open-source intelligence from social media, public records, and online profiles to build a more complete picture of targets,” he adds. 

    Even though we equate data breaches with financial losses, it is important to note, “when civilian-facing data and critical services are compromised during a geopolitical conflict, the ramifications bypass the corporate balance sheet and inflict direct harm on the public,” Milenkovic says. These cyberattacks can extend beyond the digital realm and translate into a population-level risk through mechanisms such as cascading systemic failures and the strategic targeting of regional lifelines.

    “Compromising a single managed service provider (MSP) grants a nation-state actor downstream access to multiple government agencies and critical infrastructure operators simultaneously, turning a localized breach into a systemic regional disruption,” Milenkovic states, explaining how the ripple effect of a cyber incident reaches beyond a single host system.

    He gives another critical example: the Middle East’s reliance on water desalination. These plants are highly networked and deeply vulnerable to cyber-physical disruption. The deliberate targeting of desalination infrastructure during regional conflicts exposes a vulnerability that threatens the most fundamental biological needs of millions of people. “An unpatched endpoint in a water authority is therefore not an enterprise risk; it is a mass-casualty hazard,” he adds.

    Exposed credentials and phishing remain some of the most underestimated entry points. They do not require advanced techniques, yet they are still highly effective in many environments. “Once credentials are compromised, attackers can access systems in ways that appear legitimate, which makes detection more difficult,” says Kimhy. 

    “Identity becomes the weakest link because it is the control plane for everything else,” points out Haber. An adversary who gains access to even one identity provider, token service, federation layer, or privileged identity workflow does not need to break every system. With that access, they can act as an authentic user, an administrator, a service account, or a workload and move across the network accordingly.

    In a geopolitical crisis, this becomes more powerful because identity is where civilian and militarized data converge. “They are, after all, the same people in two different roles. HR systems, customer portals, cloud consoles, developer pipelines, support tools, social media, and analytics platforms all trust identity,” says Haber.

    He adds, “So, when conflict escalates, identity is not just part of a single defensive stack or segmented attack vector. It is the stack that decides whether all other safeguards hold or collapse based on whether a person’s digital fingerprint exists in both civilian and military identity systems, and a correlation can be exposed.”

    The Blind Spots 

    Public-sector systems in the Gulf States are generally secure, but the number of cyberattacks has doubled. This makes it hard for organizations to know what to focus on.

    Milenkovic says, “The rapid integration of cloud-native architectures, the shift toward remote workforces, and the unrelenting pace of digital transformation initiatives have rendered the traditional concept of a defensible security perimeter obsolete.”

    He further explains, “In the Middle East, an enormous blind spot stems from the rapid deployment of IoT and OT devices within large-scale smart city initiatives.”

    Abu Dhabi, Saudi Arabia, Qatar, Lebanon, Oman, and Jordan are developing smart city projects that aim to change how people live and work. As technology becomes central to these projects, data collection and surveillance also become more common.

    “Megaprojects often embed surveillance and data collection into the very fabric of the city through millions of connected sensors. However, these devices often lack inherent security safeguards,” he says. “Additionally, modern organizations treat third-party services merely as operational dependencies rather than active components of their own attack surface, allowing threat actors to exploit vendor interfaces and bypass primary defenses entirely.”

    Milenkovic points out that in response to the pervasive targeting of civilian data, governments are fundamentally rethinking how data is stored and governed. Consequently, the concept of the sovereign cloud and the strict enforcement of data-localization mandates have emerged as primary mechanisms for engineering resilient infrastructure.

    He insists that cloud architectures must guarantee jurisdictional control, technical isolation through cryptographic key management, and operational transparency.

    Data collection has always relied on multiple data points, but AI has changed the scale and speed of data collection. Now, large volumes of data can be obtained, processed, and correlated much faster, making it easier for attackers to build detailed profiles, map relationships, and spot patterns.

    Haber points out, “AI is making this worse because organizations are trying to scale autonomy faster than they are scaling trust boundaries. Secure-by-design for AI has been left behind. Security teams are being told to let models reach more data, connect more tools, access more secrets, and act with fewer human checkpoints. That is backward.”

    He suggests managing identities and privileges using existing best practices rather than forgoing them and potentially hard-coding secrets or creating standing privileges everywhere just to enable AI. “Simply put, if you weaken identity to make AI more useful, you have not accelerated innovation. You have expanded the attack surface and outsourced judgment to a system that inherits every entitlement you give it,” he says.

    A common mistake companies make is assuming it takes time for business data to become useful in a conflict. In reality, this can happen almost instantly. Simple information such as customer location, identity data, payment history, workforce rosters, and infrastructure metadata can become important for military use during a crisis or for targeted attacks.

    Best Practices

    Data from connected devices, online services, and digital platforms can now be accessed and acted upon much more quickly. Information that was once fragmented or difficult to use can now be combined and operationalized in near real time.

    Kimhy suggests, “Maintaining strong monitoring, visibility, and response capabilities during normal operations is critical, because those same capabilities are what will make the difference during periods of conflict.”

    “The answer is not another annual access review. It is continuous authorization, zero-trust architectures, and ensuring that all access is time-bound, purpose-bound, device-aware, geography-aware, and risk-adaptive. Highly sensitive datasets should require step-up verification and privileged access workstations for administrators facing elevated threats. Current identity security best practices recommend broader use of privileged access workstations for organizations facing heightened threats from skilled threat actors, as an example.”

    In other words, least privilege is no longer enough as a marketing slogan. It has to be operationally enforced: just in time, just enough, and just for the specific task, including segmented access via dedicated hardware, if warranted.

    “Organizations should assume every vendor relationship, and their remote access needs, are a cross-border trust problem—no one should ever be implicitly trusted,” says Haber.

    He urges organizations to assume the worst-case scenario for everyone, and says the solution is not a procurement checkbox that says, “We did this.” Instead, he states the need to inventory every vendor identity, every integration path, every support channel, every remote session, and every jurisdiction through which data may transit or be accessed. If you cannot map it, you do not control it, and lateral movement is the foundational attack vector in every supply-chain attack.

    The point is that data can be accessed and used much faster than before. What was once fragmented and difficult to put together can now be combined easily, in near real time. The organizations best positioned to navigate this environment are not necessarily those with the largest security budgets. They are the ones whose leadership understands that data governance is now a geopolitical responsibility and acts accordingly.
