Iran war hits financial sector. 245% increase in cyber attacks in Akamai report

Digital infrastructure is a key arena for precision reconnaissance amid global geopolitical tensions. The sharp 245 per cent rise in hostile activity recorded by Akamai suggests that algorithms operating under Tehran’s auspices have already begun the painstaking process of mapping the vulnerabilities of the Western financial system.


In classical military doctrine, a kinetic strike is preceded by a phase of prolonged and painstaking reconnaissance. Drones appear over enemy territory and electronic intelligence maps the location of key communication nodes. In digital reality, this process is accelerated and almost completely automated, blurring the lines between peacetime and hybrid warfare states. The latest data provided by Akamai, showing an unprecedented 245 per cent increase in malicious internet traffic linked to tensions over Iran, demonstrates that the European and global business sector has become an active, though often unwitting, training ground for big politics.

This phenomenon should not be interpreted merely in terms of incidental hacking attacks. The scale and nature of the recorded activity suggest an intelligence operation on a massive scale. Instead of spectacular but short-lived acts of sabotage, what is being observed is a systematic ‘rattling of the door handles’ of digital infrastructure. Botnets based on advanced algorithms are constantly scanning ports, searching for open services and cataloguing security vulnerabilities. This activity can be described as digital asset mapping. For operators, this means that every publicly accessible element of their IT architecture has most likely already been included in the databases of geopolitically inspired actors. The aim is not immediate destruction, but to create a precise map of targets to be used when political tensions reach a critical point.

The logistics of these activities provide a picture of the extremely complex nature of contemporary threats. Although the political vector points to Tehran, the digital footprints lead to infrastructure located in Russia and China. More than a third of malicious traffic operates via Russian proxy servers, creating a kind of infrastructure of impunity. The use of systems located in countries that rarely co-operate with Western cybercrime law enforcement agencies allows attackers to almost completely obliterate attribution trails. In this context, the origin of the IP address ceases to be a reliable indicator of the location of the aggressor, becoming merely an element in a complex game of appearances. The conclusion for business decision-makers is that traditional traffic filtering methods based solely on geographical blacklists are becoming an inadequate tool against an adversary with such a deep logistical base.

Of particular concern is the fact that the financial sector and the thriving fintech industry have become the main targets. Four out of ten recorded attacks targeted banking institutions. This choice is no accident. The financial system is the lifeblood of the modern economy, and customer confidence in the stability of their funds is the foundation of social order. The paralysis of a transaction system or a massive leak of access data generates consequences far more severe and long-term than the destruction of physical infrastructure. The case of a US financial institution that had to fend off 13 million data packets coming from the direction of Iran in a short period of time shows that we are dealing with attempts to create a digital shock that has a direct impact on the operational stability of entire countries.

The concept of digital isolationism, or geofencing, is gaining ground as a pragmatic risk management strategy. The suggestion by experts to completely prevent access to key services from regions in which an organisation has no real business appears to be a rational response to the asymmetry of modern conflicts. There may be resistance to this approach, but from a capital security and data protection perspective, minimising points of contact with potentially hostile environments is a purely economic decision. Keeping infrastructure fully accessible to regions that generate only harmful traffic is a cost that becomes difficult to justify to shareholders and regulators in the current geopolitical situation.
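The two points above, that a geographical filter alone misses traffic relayed through proxies and that geofencing still removes contact with regions where there is no business, can be combined in one check. The following is an added example, not taken from the Akamai report or the original article: the event format, the thresholds, the `classify` function and the sample data are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, geoip_country, dest_port).
# IPs are documentation ranges; "XX" stands for a region with no business.
SAMPLE_EVENTS = (
    [(100, "198.51.100.7", "XX", 22), (101, "198.51.100.7", "XX", 443)]
    # Scanner relayed through a proxy inside an allowed country.
    + [(100 + i, "203.0.113.50", "DE", port)
       for i, port in enumerate([21, 22, 23, 25, 80, 443, 3389, 8080])]
    # Ordinary customer repeatedly using the one published service.
    + [(ts, "192.0.2.10", "PL", 443) for ts in (100, 130, 160)]
)

def classify(events, allowed_countries, window=60, max_ports=5):
    """Return {source_ip: 'geo-blocked' | 'scanner' | 'ok'}.

    Layer 1 (geofence): drop sources outside the business regions.
    Layer 2 (behaviour): flag any remaining source that touches more than
    max_ports distinct ports within `window` seconds, whatever its country.
    """
    verdicts = {}
    recent = defaultdict(list)  # ip -> [(ts, port)] still inside the window
    for ts, ip, country, port in sorted(events):
        if country not in allowed_countries:
            verdicts[ip] = "geo-blocked"
            continue
        hits = [(t, p) for t, p in recent[ip] if ts - t <= window]
        hits.append((ts, port))
        recent[ip] = hits
        if len({p for _, p in hits}) > max_ports:
            verdicts[ip] = "scanner"       # sticky: never downgraded to 'ok'
        else:
            verdicts.setdefault(ip, "ok")
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_EVENTS, {"PL", "DE"}).items():
        print(ip, verdict)
```

With the behavioural layer effectively disabled (a very large `max_ports`), the proxied scanner passes as ordinary traffic, which is the gap a geography-only filter leaves.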

The role of boards of directors and chief operating officers in this process is evolving. Cyber security has become an integral part of political and strategic risk analysis. The realisation that the 245% increase in botnet activity is not media hype, but a precise preparatory exercise, is changing the way infrastructure protection investments are viewed. They are no longer just a fail-safe policy, but an essential part of defending against the effects of global political reshuffling.

To summarise the scale of the challenges facing modern business, it is important to acknowledge that in the digital space, the first shot in the conflict with Iran has long since been fired. It was every automated port scan, every password collected and every data packet blocked as part of the shockwave that has been recorded in recent months. The adversary is not waiting for an official declaration of war; he is already there, patiently mapping resources and looking for the weakest link. For an organisation, the key question becomes how unreadable and hard to pin down a picture of its own structure it will present to those who are secretly watching its every digital move. In this game of survival, the advantage will be gained by those who are able to turn cold statistical data into a far-sighted strategy for protecting their own digital sovereignty.
