8/21/2020
10:00 AM

Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy

COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.

When it comes to cybersecurity, the most vulnerable point of an organization is its people, not its systems. Before COVID-19, data showed us 72% of breaches arose because of organizational, process, and people failures rather than a lack of adequate technology. Combine this number with the added uncertainty of home technology and the steady increase in breach attempts during the pandemic, and you have a crisis. COVID-19 has reinforced the significance of the digital economy and, with it, the need for a resilient global cybersecurity strategy — one that allows for collaboration across corporations; governments; micro-, small and medium-sized enterprises (MSMEs); and individuals.

The World Economic Forum (WEF) estimates that global digitalization could create $100 trillion of value by 2025 — an exciting prospect and a major positive for global economies. Yet data from Cybersecurity Ventures suggests cybercrime will cost the global economy a steep $6 trillion annually by 2021, representing twice the cost of 2015 levels. It is clear that much remains to be done to protect the gains that digitalization and technological innovation bring to all corners of the world.

Sadly, COVID-19 has represented an enormous opportunity for cybercriminals — coronavirus-themed spam skyrocketed by as much as 14,000% in just a two-week period of the pandemic. Trusted sources for information — such as the World Health Organization, Centers for Disease Control and Prevention, and others — have been consistently targeted by criminals through phishing, spam, and malware.

Further, the pandemic put a spotlight on the fact that organizations have to rely on employees — who often have not received proper cybersecurity training — and information security systems that are ill-suited for remote work as gatekeepers of their most sensitive data. And though governments tend to have robust network security systems, they are just as at risk, if not more so, often due to outdated technology.

As leaders of a global business task force responsible for advising and providing recommendations on the future of digitalization to G20 Leaders, we are doubling down on our efforts to build cyber resilience, and we urge leaders to recognize the importance of cybersecurity resilience as a vital building block of our global economy.

And we must be thoughtful in our future cyber approach. A human-centric, education-first strategy will protect organizations where they are most vulnerable and get us closer to the point where cybersecurity is ingrained in our daily life rather than an afterthought.

Action through collaboration, one of our guiding principles as the voice of the private sector to the G20, is the only viable option. A public-private partnership built on cooperation among large corporations, MSMEs, academic institutions, and international governments is the cornerstone of a modern and resilient cybersecurity system. A few simple but powerful actions ingrained in a global cybersecurity strategy will bring our users into the new age of digital transformation and embed a security mindset into our day-to-day, making breach attempts significantly less successful.

To bring a strategy like this into reality, we still must address a number of hurdles, such as the perception of cybersecurity as separate from employees' work and the slow recognition of cyber as a priority for MSMEs and local governments. The pandemic has brought the importance of these shifts to the forefront. CIOs, for example, are taking their role to the next level more than ever as their IT decisions become visible to company and industry leaders through their workers' remote productivity and security, while governments worldwide realize the necessity for a strong digital infrastructure to keep their countries moving, connected, and safe.

Visibility and recognition are just the beginning. Beyond that, we have several steps ahead of us, such as:

  • Identify channels and forums for these conversations;
  • Understand the stakeholders at play from the public and private sectors;
  • Create a joint recommended set of minimum standards that can act as a starting point for professionals in cybersecurity and beyond, including those from MSMEs;
  • Embed cybersecurity into the ongoing training of all employees across the private and government sectors; and
  • Launch bold awareness campaigns through partnerships with government agencies such as the National Institute of Standards and Technology and the EU Agency for Cybersecurity.

Those of us in the cybersecurity industry know the COVID-19 pandemic won't be the last major disruption of its kind. On the contrary, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives. The truth is, a cyber pandemic is probably as inevitable as future disease pandemics, and we saw a glimpse of that with the WannaCry attack in 2017. Compounded by the pandemic-induced economic downturn, the losses of such a disruption would be insurmountable for many businesses. It is our responsibility to ensure this doesn't happen and to approach these new frontiers strategically, build on what each of our industries does best, and learn from one another.

Chair of the B20 Digitalization Taskforce and CEO of Saudi Telecom Company

Mr. Nasser S. Al-Nasser is the CEO of Saudi Telecom Company, board member of the GSMA and the chairman of SAMENA Telecommunications Council. Previously, he held multiple executive positions at stc, ...
 
