Sanctions Trigger Cyber Surge: Trade Barriers Fuel Wave of Digital Threats

Increased geopolitical friction through economic sanctions and trade restrictions is driving a global rise in cyberattacks, with critical sectors such as energy, finance, and healthcare facing mounting threats, according to cybersecurity expert Robert Huber, Chief Security Officer and President of Tenable Public Sector.

Huber, speaking to the Daily Guardian, pointed to historical precedents linking sanctions to retaliatory cyber operations, including Iran’s 2012 DDoS attacks on U.S. banks, North Korea’s cryptocurrency heists following export controls, and cyber campaigns by Chinese-affiliated groups in the wake of U.S. trade restrictions.

“When levers of economic influence are pulled, cyberspace often becomes the new battleground,” said Huber. 

Rapid Response

Cyber retaliation often follows geopolitical moves within days or weeks. Huber noted that after Washington imposed restrictions on Chinese tech firms in early 2021, Chinese hacking group Hafnium quickly exploited vulnerabilities in Microsoft Exchange servers, targeting U.S. entities tied to defense and research.

“These groups do not wait for tensions to simmer,” Huber said. “They seize the opportunity amid chaos and confusion.”

Industries tied to global supply chains, including tech and logistics, are particularly vulnerable during these transitions.

According to Huber, cyber threat actors prioritize interdependent sectors like:

• Energy: Vulnerable due to poor segmentation between IT and operational systems, as demonstrated by past attacks on Ukraine’s power grid.
• Finance: A frequent target during geopolitical strife, valued for both data and symbolic impact.
• Telecommunications: Strategic for espionage and surveillance.
• Healthcare: Increasingly targeted due to legacy systems and limited cybersecurity funding. 

Transition Offers Openings

Huber warned that the shift from international to domestic suppliers under pressure from trade policies creates additional cyber risk.

“Rushed compliance, untested technologies, and cloud misconfigurations create a prime environment for adversaries,” he said, adding that attackers often exploit confusion with tactics like phishing disguised as tariff notices or vendor invoices.

Smaller vendors are particularly at risk due to weaker security postures.

Tenable, Huber said, equips clients with exposure management tools to identify and mitigate vulnerabilities across IT, cloud, and operational systems.

“We help organizations move from reacting to anticipating attacks by prioritizing vulnerabilities based on business impact and threat intelligence,” Huber explained.

He emphasized integrating geopolitical developments into risk modeling, and increasing visibility across complex digital environments to preempt potential breaches.

Actors and Government Response

Countries such as China, Russia, Iran, and North Korea remain top concerns for retaliatory cyber activity. Groups like APT41, Volt Typhoon, and North Korea’s Lazarus Group have histories of targeting government agencies, infrastructure, and financial systems.

Huber called on governments to play a larger role through threat intelligence sharing, setting cybersecurity standards, and fostering public-private partnerships. He cited initiatives such as the EU’s NIS2 Directive and the U.S. Cybersecurity and Infrastructure Security Agency’s Joint Cyber Defense Collaborative (JCDC) as effective models.

Building true cyber resilience requires embedding security into organizational culture and strategy, Huber said. He advocates for a Zero Trust approach, regular training, and tabletop exercises to test incident response.

“Cyber resilience is not just about technology — it’s about ensuring that your people and processes can adapt and recover quickly from threats,” he said.

Huber also highlighted the importance of diversifying supply chains and continuously assessing third-party risks.

As economic tensions increasingly spill over into cyberspace, organizations must recalibrate their risk assessments, strengthen digital defenses, and build systemic resilience. The next cyberattack may not stem from a technical failure, but from a tariff, embargo, or disrupted trade route.

“In today’s environment, cyber preparedness is not a luxury — it’s a necessity,” Huber said.