Dark Reading is part of the Informa Tech Division of Informa PLC


8/21/2020
10:00 AM

Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy

COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.

When it comes to cybersecurity, the most vulnerable point of an organization is its people, not its systems. Before COVID-19, data showed us 72% of breaches arose because of organizational, process, and people failures rather than a lack of adequate technology. Combine this number with the added uncertainty of home technology and the steady increase in breach attempts during the pandemic, and you have a crisis. COVID-19 has reinforced the significance of the digital economy and, with it, the need for a resilient global cybersecurity strategy — one that allows for collaboration across corporations; governments; micro-, small and medium-sized enterprises (MSMEs); and individuals.

The World Economic Forum (WEF) estimates that global digitalization could create $100 trillion of value by 2025 — an exciting prospect and a major positive for global economies. Yet data from Cybersecurity Ventures suggests cybercrime will cost the global economy a steep $6 trillion annually by 2021, representing twice the cost of 2015 levels. It is clear that much remains to be done to protect the gains that digitalization and technological innovation bring to all corners of the world.

Sadly, COVID-19 has represented an enormous opportunity for cybercriminals — coronavirus-themed spam skyrocketed by as much as 14,000% in just a two-week period of the pandemic. Trusted sources for information — such as the World Health Organization, Centers for Disease Control and Prevention, and others — have been consistently targeted by criminals through phishing, spam, and malware.

Further, the pandemic put a spotlight on the fact that organizations have to rely on employees — who often have not received proper cybersecurity training — and information security systems that are ill-suited for remote work as gatekeepers of their most sensitive data. And though governments tend to have robust network security systems, they are just as at risk, if not more so, often due to outdated technology.

As leaders of a global business task force responsible for advising and providing recommendations on the future of digitalization to G20 Leaders, we are doubling down on our efforts to build cyber resilience, and we urge leaders to recognize the importance of cybersecurity resilience as a vital building block of our global economy.

And we must be thoughtful in our future cyber approach. A human-centric, education-first strategy will protect organizations where they are most vulnerable and get us closer to the point where cybersecurity is ingrained in our daily life rather than an afterthought.

Action through collaboration, one of our guiding principles as the voice of the private sector to the G20, is the only viable option. A public-private partnership built on cooperation among large corporations, MSMEs, academic institutions, and international governments is the cornerstone of a modern and resilient cybersecurity system. A few simple but powerful actions ingrained in a global cybersecurity strategy will bring our users into the new age of digital transformation and embed a security mindset into our day-to-day, making breach attempts significantly less successful.

To bring a strategy like this into reality, we still must address a number of hurdles, such as the perception of cybersecurity as separate from employees' work and the slow recognition of cyber as a priority for MSMEs and local governments. The pandemic has brought the importance of these shifts to the forefront. CIOs, for example, are taking their role to the next level more than ever as their IT decisions become visible to company and industry leaders through their workers' remote productivity and security, while governments worldwide realize the necessity for a strong digital infrastructure to keep their countries moving, connected, and safe.

Visibility and recognition are just the beginning. Beyond that, we have several steps ahead of us, such as:

  • Identify channels and forums for these conversations;
  • Understand the stakeholders at play from the public and private sectors;
  • Create a joint recommended set of minimum standards that can act as a starting point for professionals in cybersecurity and beyond, including those from MSMEs;
  • Embed cybersecurity into the ongoing training of all employees across the private and government sectors; and
  • Launch bold awareness campaigns through partnerships with government agencies such as the National Institute of Standards and Technology and the EU Agency for Cybersecurity.

Those of us in the cybersecurity industry know the COVID-19 pandemic won't be the last major disruption of its kind. On the contrary, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives. The truth is, a cyber pandemic is probably as inevitable as future disease pandemics, and we saw a glimpse of that with the WannaCry attack in 2017. Compounded by the pandemic-induced economic downturn, the losses of such a disruption would be insurmountable for many businesses. It is our responsibility to ensure this doesn't happen and to approach these new frontiers strategically, build on what each of our industries does best, and learn from one another.

Chair of the B20 Digitalization Taskforce and CEO of Saudi Telecom Company

Mr. Nasser S. Al-Nasser is the CEO of Saudi Telecom Company, board member of the GSMA and the chairman of SAMENA Telecommunications Council. Previously, he held multiple executive positions at stc, ...
 
