Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Marc Wilczek
Marc Wilczek
Connect Directly
E-Mail vvv

The Cybercrime Pandemic Keeps Spreading

The World Economic Forum says cyberattacks will be one of the top global business risks over the next 10 years.

Cyberattacks have become a pervasive threat to individuals, businesses, societies, and worldwide economic growth. The turbulent global geopolitical and geoeconomic environment — one that includes the possibility of a fragmented cyberspace — is also complicating the development and rollout of promising next-generation technologies.

These ideas are driven home in the World Economic Forum's (WEF) "Global Risks Report 2020," which positions cyberattacks as the seventh most-likely and eighth most-impactful risks, and the second most-concerning risk, for global business over the next 10 years. Given that revenue, profits, and brand reputation of major firms are on the line, critical infrastructure is exposed, and nation-states are cyber-warring with each other, the stakes have never been higher.

1 Million People Join the Internet Every Day
Without question, the world is embracing digital at an astonishing rate. According to the WEF report, more than half of the world's population is online. A million additional users hop aboard the Internet daily. Two-thirds of humanity carry a smartphone or some other mobile device.

As a result, data has become the fuel of the digital economy. Cisco's "VNI Forecast 2017 –2022" predicts that by 2021, IP traffic will hit 3.3 zettabytes annually — in gigabytes, that's roughly the same as all the movies ever made zipping through the globe's IP networks every minute. In reality, it means there can be zero tolerance for failure or outages.

To be sure, the modern miracles of 5G networks, quantum computing, artificial intelligence — and the world's growing reliance on the availability of network services and cloud computing — are creating huge opportunities. But they also introduce systemic risks. Large-scale blackouts can have gargantuan consequences, erode trust, dampen economic growth, exacerbate geopolitical rivalries, and create even more yawning gaps in societies.

Cyberattacks Are Expected to Increase This Year
When asked to describe the "short-term risk outlook"("short-term" being the next 12 months) 76.1% of the respondents to the WEF's survey expected cyberattacks to increase in 2020 and named them as one of top five global threats — outpacing even terrorism, which did not make it into the top five. The others were economic confrontations (78.5%), domestic political polarization (78.4%), extreme heatwaves (77.1%), and destruction of natural ecosystems (76.2%).

These days, cybercrime is a highly lucrative underground venture. The notorious Dark Web provides a place to do business, the marketplace where demand shakes hands with supply. The ever-changing cybercrime-as-a-service model offers up a cornucopia of online skullduggery ranging from distributed denial-of-service (DDoS) attacks and malware to massive pilfered data sets on demand. Today, participating in cybercrime is as easy as legal e-commerce.

The WEF assumes that taking down a single cloud provider could already generate between $50 billion and $120 billion in economic harm — comparable to the financial carnage resulting from Hurricane Sandy and Hurricane Katrina. 

The Perils of Digital Innovation
So-called Industry 4.0 technologies are inherently vulnerable to a variety of cyberattacks — from data theft and ransomware to sabotage, each with potentially globally harmful outcomes. Operational technologies are at greater risk, since cyberattacks could cause more traditional kinetic impacts as technology (for example, production lines, logistics) is extended into the physical realm to form cyber-physical systems. However, employing "security-by-design" thinking to incorporate cybersecurity features into new products still plays second fiddle to getting products to market fast.

The Internet of Things (IoT) introduces another layer of worry, as it has the potential to amplify the cyberattack surface by an order of magnitude. There are an estimated 21 billion IoT devices worldwide, and various analysts predict that number will double by 2025. Not surprisingly, attacks on IoT devices ballooned by more than 300% in the first half of 2019, according to the WEF report. In September 2019, IoT devices were harnessed to take down Wikipedia through a DDoS attack, and industry pundits fully expect use of this attack methodology to increase. The WEF report wraps up by saying that, by next year, the cost of cybercrime might reach $6 trillion, according to Cybersecurity Ventures — equal to the gross domestic product of the world's third-largest economy.

Information Infrastructure Collapse Fated the Sixth Most-Impactful Risk Until 2030
Cyberattacks on critical infrastructure — rated in 2020 as the WEF's fifth top risk — are the new normal in sectors including energy, healthcare, and transportation. Some attacks have affected entire cities. The public and private sectors alike vulnerable to being held hostage. Well-organized cybercrime groups are uniting, and the likelihood of rooting them out and bringing them to justice is estimated to be as low as 0.05% in the United States, the WEF concludes. Cybercrime-as-a-service is another popular business model, since the growing sophistication of hacking tools for sale on the Dark Web has made online crime cheaper and easily accessible to almost anyone.

The world's reliance on digital technologies is changing the landscape of international and national security and bring three urgent questions to the fore. How do we protect critical infrastructure, uphold societal values, and prevent the escalation of state-on-state conflicts? More and more, digital tools are playing a key role in asymmetric warfare, enabling smaller countries and non-state actors to attack far larger and better-funded states. Viruses, ransomware, and DDoS attacks created to serve as cyber weapons have been tweaked by bad actors after being released into cyberspace. Today, cyberspace is another military domain that has sparked an entirely new and rapidly evolving arms race.

What's Next?
It's a positive sign that cybersecurity has finally attained the awareness it deserves and is on the radar of the world's leaders. Organizations can do their best to safeguard themselves against the vulnerabilities mentioned, but the days when cybersecurity was IT's role alone are a thing of the past. Today, cybersecurity is a strategic risk whose implementation and management demands commitment from every corner office on the planet.

Global leaders must commit to taking action beyond uttering fine-sounding words at Davos. Corporate governance models need to be rebuilt from the ground up. The CISO role merits far more attention in corporate boardrooms. In the digital age, every business decision will have a cybersecurity implication in one way or another. More collaborative approaches to tackling cyber threats — whether it's a coordinated effort among peers within an industry, or public-private partnerships that support information exchange between law enforcement, the legislative branch, and the private sector.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "How to Prevent an AWS Cloud Bucket Data Leak."

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.