You Might Not Be Interested in Geopolitics, but Geopolitics is Interested in You
11–4–2024 (Monday)
Hello and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for growth stage companies, investors, and management teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Monday, November 4, 2024, and it’s finally almost Election Day here in the US, so we’re going to do a bit of a geopolitical focus today, as we’ve seen lots of moves at the government level in the past week.
You Might Not Be Interested in Geopolitics, but Geopolitics is Interested in You
The Telegraph has an article entitled “Why Chinese spies are sending a chill through Silicon Valley” which features this great quote:
“If you are operating at the cutting edge of tech in this decade, you may not be interested in geopolitics, but geopolitics is interested in you,” said Ken McCallum, MI5’s director general.
This article comes hot on the heels of a new Secure Innovation campaign released by the Five Eyes joint intelligence partnership (those five being, of course, the US, UK, Canada, Australia, and New Zealand).
This document does a nice job of laying out the risks and how to counter them both for leadership teams at growing companies, and for investors.
In short, they lay out five principles to secure these innovations:
Know the Threats
Secure your Environment
Secure your Products
Secure your Partnerships
Secure your Growth
Again - these are not specific controls, but for those approaching security for the first time, these principles are helpful. If you’re looking for more specifics, there’s plenty from some of the other “eyes” in Five Eyes.
Governments in both the US and Canada released strategic cyber assessments, linked to below.
In particular, Canada calls out two main risk factors:
Cyber threats from state adversaries; and
The rise of Cybercrime-as-a-Service (in particular, ransomware).
Perhaps most interestingly in Canada’s piece is the states they call out. The usual suspects are there - China, Russia, and Iran (in that order) - but Canada also formally calls out India as a threat, noting "We assess that Indian state-sponsored cyber threat actors likely conduct cyber threat activity against Government of Canada networks for the purpose of espionage. We judge that official bilateral relations between Canada and India will very likely drive Indian state-sponsored cyber threat activity against Canada."
The Canadian assessment also notes that “In the next two years, ransomware actors will almost certainly escalate their extortion tactics and refine their capabilities to increase pressure on victims to pay ransoms and evade law enforcement detection.”
Meanwhile, in the US, the Cybersecurity & Infrastructure Security Agency (CISA) published their 2025-26 International Strategic Plan. This plan lays out only three specific goals:
1. Bolster the Resilience of Foreign Infrastructure on Which the U.S. Depends.
2. Strengthen Integrated Cyber Defense.
3. Unify Agency Coordination of International Activities.
Between these goals and the Five Eyes announcements, it’s clear what we’ve been saying for a while on this channel: cybersecurity is a team sport - and will be that way for the foreseeable future.
That said, the team of adversaries on the other side - whether they be criminals, nation states, or inadvertent clicks from our own users - are also building momentum and will also be that way for the foreseeable future.
It’s heartening to see these conversations continuing (and, in many cases, accelerating) at the governmental level because it truly feels like they’ve reached the point where they’ll need governmental solutions.
You and I won’t end the scourge that is ransomware, or influence an adversarial foreign Intelligence service.
But there’s still plenty we can control that will impact how we interact with these threats, regardless of their source. To that end, it’s my hope that continued collaboration at these highest levels will also drive each of us to collaborate at all levels of our own organizations and with colleagues in other organizations for goals beyond just shared survival, but moving towards supporting mutual growth & benefit.
Fundraising
From a fundraising perspective, if you thought last week was a big number, get ready for this week - as we saw more than $48B in newly committed capital, including:
TPG raised nearly $5b for its second climate-focused fund
Quantum Capital Group raised $5.25b for its eighth flagship energy PE fund, plus $2.8b for a structured capital fund and $2b for other associated funds.
Berkshire Partners raised $7.8b for its 11th private equity fund.
Blackstone raised $22b for a new direct lending fund.
I would read all of this new capital as a signal that there’s going to be opportunity post-election, and these firms are attempting to position themselves well for those opportunities. Are you?
With that, a reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and we’ll see you next week for another edition of the Intentional Brief.
Links
https://www.ncsc.gov.uk/news/five-eyes-launch-shared-advice-tech-startups
https://www.cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2025-2026
https://www.cisa.gov/2025-2026-cisa-international-strategic-plan