
3/3/2020
10:00 AM
Marc Wilczek
Commentary

The Cybercrime Pandemic Keeps Spreading

The World Economic Forum says cyberattacks will be one of the top global business risks over the next 10 years.

Cyberattacks have become a pervasive threat to individuals, businesses, societies, and worldwide economic growth. The turbulent global geopolitical and geoeconomic environment — one that includes the possibility of a fragmented cyberspace — is also complicating the development and rollout of promising next-generation technologies.

These ideas are driven home in the World Economic Forum's (WEF) "Global Risks Report 2020," which positions cyberattacks as the seventh most-likely and eighth most-impactful risks, and the second most-concerning risk, for global business over the next 10 years. Given that revenue, profits, and brand reputation of major firms are on the line, critical infrastructure is exposed, and nation-states are cyber-warring with each other, the stakes have never been higher.

1 Million People Join the Internet Every Day
Without question, the world is embracing digital at an astonishing rate. According to the WEF report, more than half of the world's population is online. A million additional users hop aboard the Internet daily. Two-thirds of humanity carry a smartphone or some other mobile device.

As a result, data has become the fuel of the digital economy. Cisco's "VNI Forecast 2017–2022" predicts that by 2021, IP traffic will hit 3.3 zettabytes annually — in gigabytes, that's roughly the same as all the movies ever made zipping through the globe's IP networks every minute. In reality, it means there can be zero tolerance for failure or outages.

To be sure, the modern miracles of 5G networks, quantum computing, artificial intelligence — and the world's growing reliance on the availability of network services and cloud computing — are creating huge opportunities. But they also introduce systemic risks. Large-scale blackouts can have gargantuan consequences, erode trust, dampen economic growth, exacerbate geopolitical rivalries, and create even more yawning gaps in societies.

Cyberattacks Are Expected to Increase This Year
When asked to describe the "short-term risk outlook" ("short-term" being the next 12 months), 76.1% of the respondents to the WEF's survey expected cyberattacks to increase in 2020 and named them as one of the top five global threats — outpacing even terrorism, which did not make it into the top five. The others were economic confrontations (78.5%), domestic political polarization (78.4%), extreme heatwaves (77.1%), and destruction of natural ecosystems (76.2%).

These days, cybercrime is a highly lucrative underground venture. The notorious Dark Web provides a place to do business, the marketplace where demand shakes hands with supply. The ever-changing cybercrime-as-a-service model offers up a cornucopia of online skullduggery ranging from distributed denial-of-service (DDoS) attacks and malware to massive pilfered data sets on demand. Today, participating in cybercrime is as easy as legal e-commerce.

The WEF assumes that taking down a single cloud provider could already generate between $50 billion and $120 billion in economic harm — comparable to the financial carnage resulting from Hurricane Sandy and Hurricane Katrina. 

The Perils of Digital Innovation
So-called Industry 4.0 technologies are inherently vulnerable to a variety of cyberattacks — from data theft and ransomware to sabotage, each with potentially globally harmful outcomes. Operational technologies are at greater risk, since cyberattacks could cause more traditional kinetic impacts as technology (for example, production lines, logistics) is extended into the physical realm to form cyber-physical systems. However, employing "security-by-design" thinking to incorporate cybersecurity features into new products still plays second fiddle to getting products to market fast.

The Internet of Things (IoT) introduces another layer of worry, as it has the potential to amplify the cyberattack surface by an order of magnitude. There are an estimated 21 billion IoT devices worldwide, and various analysts predict that number will double by 2025. Not surprisingly, attacks on IoT devices ballooned by more than 300% in the first half of 2019, according to the WEF report. In September 2019, IoT devices were harnessed to take down Wikipedia through a DDoS attack, and industry pundits fully expect use of this attack methodology to increase. The WEF report wraps up by saying that, by next year, the cost of cybercrime might reach $6 trillion, according to Cybersecurity Ventures — equal to the gross domestic product of the world's third-largest economy.

Information Infrastructure Collapse Rated the Sixth Most-Impactful Risk Until 2030
Cyberattacks on critical infrastructure — rated in 2020 as the WEF's fifth top risk — are the new normal in sectors including energy, healthcare, and transportation. Some attacks have affected entire cities. The public and private sectors alike are vulnerable to being held hostage. Well-organized cybercrime groups are uniting, and the likelihood of rooting them out and bringing them to justice is estimated to be as low as 0.05% in the United States, the WEF concludes. Cybercrime-as-a-service is another popular business model, since the growing sophistication of hacking tools for sale on the Dark Web has made online crime cheaper and easily accessible to almost anyone.

The world's reliance on digital technologies is changing the landscape of international and national security and bringing three urgent questions to the fore. How do we protect critical infrastructure, uphold societal values, and prevent the escalation of state-on-state conflicts? More and more, digital tools are playing a key role in asymmetric warfare, enabling smaller countries and non-state actors to attack far larger and better-funded states. Viruses, ransomware, and DDoS attacks created to serve as cyber weapons have been tweaked by bad actors after being released into cyberspace. Today, cyberspace is another military domain that has sparked an entirely new and rapidly evolving arms race.

What's Next?
It's a positive sign that cybersecurity has finally attained the awareness it deserves and is on the radar of the world's leaders. Organizations can do their best to safeguard themselves against the vulnerabilities mentioned, but the days when cybersecurity was IT's role alone are a thing of the past. Today, cybersecurity is a strategic risk whose implementation and management demand commitment from every corner office on the planet.

Global leaders must commit to taking action beyond uttering fine-sounding words at Davos. Corporate governance models need to be rebuilt from the ground up. The CISO role merits far more attention in corporate boardrooms. In the digital age, every business decision will have a cybersecurity implication in one way or another. More collaborative approaches to tackling cyber threats are needed — whether it's a coordinated effort among peers within an industry, or public-private partnerships that support information exchange between law enforcement, the legislative branch, and the private sector.


Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...
 
