As the host of the CyberHub Podcast and a seasoned Chief Information Security Officer, I’ve had a front-row seat to the evolving cybersecurity landscape—one increasingly intertwined with geopolitics. Today, in 2025, we’re witnessing a seismic shift in global power dynamics, driven by escalating tensions, failing international frameworks, and the strategic use of cybercrime as a political lever. Add to this mix the reintroduction of tariffs as economic weapons, and you’ve got a recipe for both unprecedented challenges and surprising advantages for cybersecurity professionals. Let’s break it down.

The Failure of Global Bodies and the Rise of Cybercrime as Leverage

“I skate to where the puck is going to be, not where it has been.” — Wayne Gretzky
(Quoted by Eric Schmidt, Executive Chairman of Alphabet, highlighting the need to stay ahead of threats.)

If you want an analogy for cyberspace in today’s geopolitical climate,

consider your typical hockey brawl: everyone’s vying for control of the puck (in this case, data, intellectual property, and critical infrastructure), and the referees (global regulatory bodies) aren’t really sure how to break up the fight. That’s precisely the struggle. Most international organizations—think the United Nations or Interpol—are still playing a 20th-century rulebook in a 21st-century match. They simply haven’t adapted to the realities of digital conflict.

For years, we’ve pinned our hopes on these global bodies to tame the Wild West of cyberspace. Yet, as the World Economic Forum’s Global Cybersecurity Outlook 2025 notes, “The proliferation of regulatory requirements around the world is adding a significant compliance burden for organizations,” while geopolitical tensions exacerbate an already fragmented response to cyber threats. These institutions have failed to address cybercrime at scale, leaving a vacuum that nation-states happily exploit.

Countries like Russia, China, and North Korea—long identified as hubs of state-sponsored cyber activity—continue to export chaos as a bargaining chip. Take Russia’s intensified cyberattacks tied to its ongoing conflict in Ukraine. The UK’s National Cyber Security Centre (NCSC) reported in its latest annual review that Russia remains “capable, motivated, and irresponsible,” targeting critical infrastructure to support military and diplomatic goals. Meanwhile, North Korea’s Lazarus Group, behind the 2017 WannaCry ransomware attack that cost global economies an estimated $4 billion, keeps raking in cryptocurrency to fund Pyongyang’s regime—unfazed by international condemnation.

This isn’t just cybercrime; it’s geopolitics with a digital twist. Nations wield these attacks to signal intent, disrupt adversaries, or extort concessions at the negotiating table. As a CISO, this means my threat landscape isn’t just about rogue hackers anymore—it’s about state actors with limitless resources and political agendas.

Tariffs: Upending Alliances, Rewiring Relationships

Enter tariffs, the economic sledgehammer of 2025. With the return of Donald Trump to the U.S. presidency, we’re seeing a revival of protectionist policies aimed at reshaping global trade. The Infosecurity Magazine article “Trump, China, Russia: How Geopolitical Tensions Increase Cyber Risk” (February 21, 2025) warns that this shift is “disrupting the longstanding international rules-based order,” forcing CISOs to adapt to a “more chaotic and volatile world.” Tariffs on Chinese tech imports, for instance, could strain U.S.-China relations further, amplifying Beijing’s cyber-espionage efforts targeting American firms—a trend already evident in attacks on critical infrastructure, as noted by the NCSC.

But here’s where it gets interesting: tariffs might also spark new alliances. As the U.S. pivots away from reliance on Chinese hardware, nations like Japan and South Korea—already leaders in tech innovation—could step up as trusted partners. This shift offers cybersecurity professionals an advantage: a chance to diversify supply chains and reduce exposure to vulnerabilities exploited by adversarial states. The SolarWinds attack of 2020, linked to Russian actors, exposed the risks of concentrated supply chains—a lesson we’re finally acting on.

When tariffs pop up, relationships can shift overnight. Suddenly, your third-party vendors might not be from the same country you initially vetted. Meanwhile, brand-new partners could be plugged straight into your network, carrying potential vulnerabilities and compliance headaches. The 2022 IBM X-Force Threat Intelligence Index highlights that software supply chain attacks jumped over 33% in the last year. Hackers love the “weakest link in the chain” concept. If your new supplier is cutting corners on patch management or lacks multi-factor authentication, you’ve effectively opened the door for threat actors to waltz right in.

Potential Advantages

Tariffs can also lead to stronger partnerships with more security-savvy organizations. As you scout out new suppliers or partners, you have a fresh start to set stringent cybersecurity requirements from the get-go. This can boost overall resilience. And let’s be honest—sometimes a little market pressure can make an organization adopt best practices faster than a kid picking up free candy.

Challenges: A Flood of Complexity

For cybersecurity practitioners, this geopolitical upheaval translates to a flood of complexity. First, there’s the regulatory mess. The WEF’s 2025 report found that “nearly 60% of global organizations believe geopolitical tensions have impacted their cybersecurity strategy,” with two-thirds of respondents citing convoluted regulations as a hurdle. As a CISO, I’m juggling compliance with the EU’s GDPR, the U.S.’s patchwork of state laws, and emerging mandates in Asia—all while tariffs threaten to rewrite the rules overnight.

Second, the threat actors are evolving. The convergence of cybercriminals and nation-states—think Russia’s cozy relationship with ransomware gangs like REvil—blurs the lines between profit-driven hacks and political sabotage. A recent example? The 2024 attack on a major European energy provider, attributed to a Russian-aligned group, disrupted operations across multiple countries, costing millions. My team’s incident response plans now have to account for hybrid threats that hit harder and faster than ever.

Third, we need skilled talent on our teams to help navigate this. This is a team job.

Advantages: A Chance to Innovate and Collaborate

Yet, amid the chaos, there’s opportunity. Tariffs could force a reckoning with supply chain security, pushing us to innovate. By shifting to trusted vendors in allied nations, we’re not just mitigating risk—we’re building resilience. The U.S.-Japan partnership, for instance, has birthed joint cybersecurity initiatives like the 2024 Cyber Defense Pact, pooling resources to counter China’s digital aggression. As a practitioner, I’m leveraging these collaborations to access cutting-edge threat intelligence and bolster our defenses.

Moreover, the spotlight on cybercrime as a geopolitical tool is driving investment. Companies are waking up to the reality that cybersecurity isn’t optional—it’s existential. Gartner’s Paul Proctor nailed it in a 2022 Q&A: “Cyber-conflict isn’t just a security problem, it’s a business problem.” Boards are finally listening, greenlighting budgets for AI-driven threat detection and zero-trust architectures.

Real-World Stakes: From Ukraine to Your Doorstep

Let’s ground this in reality. Ukraine’s cyber battlefield offers a stark preview: state-sponsored wiper malware like NotPetya (2017) didn’t just cripple Kyiv—it spilled over, costing Maersk $300 million and snarling global shipping. Fast forward to 2025, and the stakes are higher. A hypothetical Chinese cyberstrike on U.S. infrastructure amid a tariff war could disrupt everything from power grids to ports, with collateral damage hitting every CISO’s doorstep.

On the flip side, consider the advantage of proactive adaptation. After the 2023 Colonial Pipeline ransomware attack, U.S. energy firms hardened their OT systems, reducing downtime in subsequent incidents. That’s the playbook I’m following—turning geopolitical pressure into a catalyst for stronger defenses.

The Road Ahead

The reshaping geopolitical landscape isn’t a distant theory; it’s our daily reality. Global bodies have faltered, nations weaponize cybercrime, and tariffs are redrawing the map. For cybersecurity professionals, the challenges are daunting: regulatory chaos, hybrid threats, and a talent crunch. But the advantages—new alliances, innovation, and heightened awareness—give us a fighting chance.

As I tell my CyberHub listeners every day, this isn’t just about surviving; it’s about thriving in the chaos. We’re not just defenders—we’re architects of a more resilient digital future. The question is: will you adapt, or be left behind?

Leave a comment

How to Stay Ahead of the Curve

1. Proactive Intel Sharing
   Don’t wait for global bodies to (inevitably) drop the ball—build alliances with private threat intelligence groups and industry peers. Sharing IoCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures) helps to stay ahead of that shadowy threat actor with mysterious ties to some faraway land.

2. Zero-Trust Mindset
   Yes, zero-trust is a buzzword. But in a world where your new trade partner might be a double agent, limiting who can access what is just common sense. Implement strict segmentation, authentication, and least-privilege principles.

3. Robust Vendor Risk Assessments
   As tariffs nudge new relationships into your orbit, double down on vendor security due diligence. Conduct penetration tests, request SOC 2/ISO 27001 certifications, and embed cybersecurity into contract negotiations.

4. Incident Response Readiness
   Given the ever-rising tide of state-backed attacks, your incident response plan should be as agile as possible. Ensure you’ve got senior management buy-in, external counsel on speed dial, and a post-breach communications strategy that doesn’t read like a high-school drama script.

5. Continual Talent Upskilling
   If nation-states can train an army of advanced threat actors, so can we. (Well, minus the whole “criminal enterprise” part.) Invest in training, certification, and skill development for your security teams. Tools change quickly, but bright, curious minds can adapt just as fast—if not faster.