Dark Reading is part of the Informa Tech Division of Informa PLC


8/21/2020
10:00 AM

Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy

COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.

When it comes to cybersecurity, the most vulnerable point of an organization is its people, not its systems. Before COVID-19, data showed us 72% of breaches arose because of organizational, process, and people failures rather than a lack of adequate technology. Combine this number with the added uncertainty of home technology and the steady increase in breach attempts during the pandemic, and you have a crisis. COVID-19 has reinforced the significance of the digital economy and, with it, the need for a resilient global cybersecurity strategy — one that allows for collaboration across corporations; governments; micro-, small and medium-sized enterprises (MSMEs); and individuals.

The World Economic Forum (WEF) estimates that global digitalization could create $100 trillion of value by 2025 — an exciting prospect and a major positive for global economies. Yet data from Cybersecurity Ventures suggests cybercrime will cost the global economy a steep $6 trillion annually by 2021, representing twice the cost of 2015 levels. It is clear that much remains to be done to protect the gains that digitalization and technological innovation bring to all corners of the world.

Sadly, COVID-19 has represented an enormous opportunity for cybercriminals — coronavirus-themed spam skyrocketed by as much as 14,000% in just a two-week period of the pandemic. Trusted sources for information — such as the World Health Organization, Centers for Disease Control and Prevention, and others — have been consistently targeted by criminals through phishing, spam, and malware.

Further, the pandemic put a spotlight on the fact that organizations have to rely on employees — who often have not received proper cybersecurity training — and information security systems that are ill-suited for remote work as gatekeepers of their most sensitive data. And though governments tend to have robust network security systems, they are just as at risk, if not more so, often due to outdated technology.

As leaders of a global business task force responsible for advising and providing recommendations on the future of digitalization to G20 Leaders, we are doubling down on our efforts to build cyber resilience, and we urge leaders to recognize the importance of cybersecurity resilience as a vital building block of our global economy.

And we must be thoughtful in our future cyber approach. A human-centric, education-first strategy will protect organizations where they are most vulnerable and get us closer to the point where cybersecurity is ingrained in our daily life rather than an afterthought.

Action through collaboration, one of our guiding principles as the voice of the private sector to the G20, is the only viable option. A public-private partnership built on cooperation among large corporations, MSMEs, academic institutions, and international governments is the cornerstone of a modern and resilient cybersecurity system. A few simple but powerful actions ingrained in a global cybersecurity strategy will bring our users into the new age of digital transformation and embed a security mindset into our day-to-day, making breach attempts significantly less successful.

To bring a strategy like this into reality, we still must address a number of hurdles, such as the perception of cybersecurity as separate from employees' work and the slow recognition of cyber as a priority for MSMEs and local governments. The pandemic has brought the importance of these shifts to the forefront. CIOs, for example, are taking their role to the next level more than ever as their IT decisions become visible to company and industry leaders through their workers' remote productivity and security, while governments worldwide realize the necessity for a strong digital infrastructure to keep their countries moving, connected, and safe.

Visibility and recognition are just the beginning. Beyond that, we have several steps ahead of us, such as:

  • Identify channels and forums for these conversations;
  • Understand the stakeholders at play from the public and private sectors;
  • Create a joint recommended set of minimum standards that can act as a starting point for professionals in cybersecurity and beyond, including those from MSMEs;
  • Embed cybersecurity into the ongoing training of all employees across the private and government sectors; and
  • Launch bold awareness campaigns through partnerships with government agencies such as the National Institute of Standards and Technology and the EU Agency for Cybersecurity.

Those of us in the cybersecurity industry know the COVID-19 pandemic won't be the last major disruption of its kind. On the contrary, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives. The truth is, a cyber pandemic is probably as inevitable as future disease pandemics, and we saw a glimpse of that with the WannaCry attack in 2017. Compounded by the pandemic-induced economic downturn, the losses of such a disruption would be insurmountable for many businesses. It is our responsibility to ensure this doesn't happen and to approach these new frontiers strategically, build on what each of our industries does best, and learn from one another.

Chair of the B20 Digitalization Taskforce and CEO of Saudi Telecom Company

Mr. Nasser S. Al-Nasser is the CEO of Saudi Telecom Company, board member of the GSMA and the chairman of SAMENA Telecommunications Council. Previously, he held multiple executive positions at stc, ...
 
