Dark Reading is part of the Informa Tech Division of Informa PLC



10:00 AM
Marc Wilczek

The Cybercrime Pandemic Keeps Spreading

The World Economic Forum says cyberattacks will be one of the top global business risks over the next 10 years.

Cyberattacks have become a pervasive threat to individuals, businesses, societies, and worldwide economic growth. The turbulent global geopolitical and geoeconomic environment — one that includes the possibility of a fragmented cyberspace — is also complicating the development and rollout of promising next-generation technologies.

These ideas are driven home in the World Economic Forum's (WEF) "Global Risks Report 2020," which positions cyberattacks as the seventh most-likely and eighth most-impactful risks, and the second most-concerning risk, for global business over the next 10 years. Given that revenue, profits, and brand reputation of major firms are on the line, critical infrastructure is exposed, and nation-states are cyber-warring with each other, the stakes have never been higher.

1 Million People Join the Internet Every Day
Without question, the world is embracing digital at an astonishing rate. According to the WEF report, more than half of the world's population is online. A million additional users hop aboard the Internet daily. Two-thirds of humanity carry a smartphone or some other mobile device.

As a result, data has become the fuel of the digital economy. Cisco's "VNI Forecast 2017–2022" predicts that by 2021, IP traffic will hit 3.3 zettabytes annually — in gigabytes, that's roughly the same as all the movies ever made zipping through the globe's IP networks every minute. In reality, it means there can be zero tolerance for failure or outages.

To be sure, the modern miracles of 5G networks, quantum computing, artificial intelligence — and the world's growing reliance on the availability of network services and cloud computing — are creating huge opportunities. But they also introduce systemic risks. Large-scale blackouts can have gargantuan consequences, erode trust, dampen economic growth, exacerbate geopolitical rivalries, and create even more yawning gaps in societies.

Cyberattacks Are Expected to Increase This Year
When asked to describe the "short-term risk outlook" ("short-term" being the next 12 months), 76.1% of the respondents to the WEF's survey expected cyberattacks to increase in 2020 and named them as one of the top five global threats — outpacing even terrorism, which did not make it into the top five. The others were economic confrontations (78.5%), domestic political polarization (78.4%), extreme heatwaves (77.1%), and destruction of natural ecosystems (76.2%).

These days, cybercrime is a highly lucrative underground venture. The notorious Dark Web provides a place to do business, the marketplace where demand shakes hands with supply. The ever-changing cybercrime-as-a-service model offers up a cornucopia of online skullduggery ranging from distributed denial-of-service (DDoS) attacks and malware to massive pilfered data sets on demand. Today, participating in cybercrime is as easy as legal e-commerce.

The WEF assumes that taking down a single cloud provider could already generate between $50 billion and $120 billion in economic harm — comparable to the financial carnage resulting from Hurricane Sandy and Hurricane Katrina. 

The Perils of Digital Innovation
So-called Industry 4.0 technologies are inherently vulnerable to a variety of cyberattacks — from data theft and ransomware to sabotage, each with potentially globally harmful outcomes. Operational technologies are at greater risk, since cyberattacks could cause more traditional kinetic impacts as technology (for example, production lines, logistics) is extended into the physical realm to form cyber-physical systems. However, employing "security-by-design" thinking to incorporate cybersecurity features into new products still plays second fiddle to getting products to market fast.

The Internet of Things (IoT) introduces another layer of worry, as it has the potential to amplify the cyberattack surface by an order of magnitude. There are an estimated 21 billion IoT devices worldwide, and various analysts predict that number will double by 2025. Not surprisingly, attacks on IoT devices ballooned by more than 300% in the first half of 2019, according to the WEF report. In September 2019, IoT devices were harnessed to take down Wikipedia through a DDoS attack, and industry pundits fully expect use of this attack methodology to increase. The WEF report wraps up by saying that, by next year, the cost of cybercrime might reach $6 trillion, according to Cybersecurity Ventures — equal to the gross domestic product of the world's third-largest economy.

Information Infrastructure Collapse Rated the Sixth Most-Impactful Risk Until 2030
Cyberattacks on critical infrastructure — rated in 2020 as the WEF's fifth top risk — are the new normal in sectors including energy, healthcare, and transportation. Some attacks have affected entire cities. The public and private sectors alike are vulnerable to being held hostage. Well-organized cybercrime groups are uniting, and the likelihood of rooting them out and bringing them to justice is estimated to be as low as 0.05% in the United States, the WEF concludes. Cybercrime-as-a-service is another popular business model, since the growing sophistication of hacking tools for sale on the Dark Web has made online crime cheaper and easily accessible to almost anyone.

The world's reliance on digital technologies is changing the landscape of international and national security and bringing three urgent questions to the fore. How do we protect critical infrastructure, uphold societal values, and prevent the escalation of state-on-state conflicts? More and more, digital tools are playing a key role in asymmetric warfare, enabling smaller countries and non-state actors to attack far larger and better-funded states. Viruses, ransomware, and DDoS attacks created to serve as cyber weapons have been tweaked by bad actors after being released into cyberspace. Today, cyberspace is another military domain that has sparked an entirely new and rapidly evolving arms race.

What's Next?
It's a positive sign that cybersecurity has finally attained the awareness it deserves and is on the radar of the world's leaders. Organizations can do their best to safeguard themselves against the vulnerabilities mentioned, but the days when cybersecurity was IT's role alone are a thing of the past. Today, cybersecurity is a strategic risk whose implementation and management demand commitment from every corner office on the planet.

Global leaders must commit to taking action beyond uttering fine-sounding words at Davos. Corporate governance models need to be rebuilt from the ground up. The CISO role merits far more attention in corporate boardrooms. In the digital age, every business decision will have a cybersecurity implication in one way or another. More collaborative approaches to tackling cyber threats are needed — whether it's a coordinated effort among peers within an industry, or public-private partnerships that support information exchange between law enforcement, the legislative branch, and the private sector.


Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...
