8/21/2020
10:00 AM

Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy

COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.

When it comes to cybersecurity, the most vulnerable point of an organization is its people, not its systems. Before COVID-19, data showed us 72% of breaches arose because of organizational, process, and people failures rather than a lack of adequate technology. Combine this number with the added uncertainty of home technology and the steady increase in breach attempts during the pandemic, and you have a crisis. COVID-19 has reinforced the significance of the digital economy and, with it, the need for a resilient global cybersecurity strategy — one that allows for collaboration across corporations; governments; micro-, small and medium-sized enterprises (MSMEs); and individuals.

The World Economic Forum (WEF) estimates that global digitalization could create $100 trillion of value by 2025 — an exciting prospect and a major positive for global economies. Yet data from Cybersecurity Ventures suggests cybercrime will cost the global economy a steep $6 trillion annually by 2021, representing twice the cost of 2015 levels. It is clear that much remains to be done to protect the gains that digitalization and technological innovation bring to all corners of the world.

Sadly, COVID-19 has represented an enormous opportunity for cybercriminals — coronavirus-themed spam skyrocketed by as much as 14,000% in just a two-week period of the pandemic. Trusted sources for information — such as the World Health Organization, Centers for Disease Control and Prevention, and others — have been consistently targeted by criminals through phishing, spam, and malware.

Further, the pandemic put a spotlight on the fact that organizations have to rely on employees — who often have not received proper cybersecurity training — and information security systems that are ill-suited for remote work as gatekeepers of their most sensitive data. And though governments tend to have robust network security systems, they are just as at risk, if not more so, often due to outdated technology.

As leaders of a global business task force responsible for advising and providing recommendations on the future of digitalization to G20 Leaders, we are doubling down on our efforts to build cyber resilience, and we urge leaders to recognize the importance of cybersecurity resilience as a vital building block of our global economy.

And we must be thoughtful in our future cyber approach. A human-centric, education-first strategy will protect organizations where they are most vulnerable and get us closer to the point where cybersecurity is ingrained in our daily life rather than an afterthought.

Action through collaboration, one of our guiding principles as the voice of the private sector to the G20, is the only viable option. A public-private partnership built on cooperation among large corporations, MSMEs, academic institutions, and international governments is the cornerstone of a modern and resilient cybersecurity system. A few simple but powerful actions ingrained in a global cybersecurity strategy will bring our users into the new age of digital transformation and embed a security mindset into our day-to-day, making breach attempts significantly less successful.

To bring a strategy like this into reality, we still must address a number of hurdles, such as the perception of cybersecurity as separate from employees' work and the slow recognition of cyber as a priority for MSMEs and local governments. The pandemic has brought the importance of these shifts to the forefront. CIOs, for example, are taking their role to the next level more than ever as their IT decisions become visible to company and industry leaders through their workers' remote productivity and security, while governments worldwide realize the necessity for a strong digital infrastructure to keep their countries moving, connected, and safe.

Visibility and recognition are just the beginning. Beyond that, we have several steps ahead of us, such as:

  • Identify channels and forums for these conversations;
  • Understand the stakeholders at play from the public and private sectors;
  • Create a joint recommended set of minimum standards that can act as a starting point for professionals in cybersecurity and beyond, including those from MSMEs;
  • Embed cybersecurity into the ongoing training of all employees across the private and government sectors; and
  • Launch bold awareness campaigns through partnerships with government agencies such as the National Institute of Standards and Technology and the EU Agency for Cybersecurity.

Those of us in the cybersecurity industry know the COVID-19 pandemic won't be the last major disruption of its kind. On the contrary, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives. The truth is, a cyber pandemic is probably as inevitable as future disease pandemics, and we saw a glimpse of that with the WannaCry attack in 2017. Compounded by the pandemic-induced economic downturn, the losses of such a disruption would be insurmountable for many businesses. It is our responsibility to ensure this doesn't happen and to approach these new frontiers strategically, build on what each of our industries does best, and learn from one another.

Chair of the B20 Digitalization Taskforce and CEO of Saudi Telecom Company

Mr. Nasser S. Al-Nasser is the CEO of Saudi Telecom Company, board member of the GSMA and the chairman of SAMENA Telecommunications Council. Previously, he held multiple executive positions at stc, ...
 
