The World Economic Forum just released their 2020 Global Risk Report, a compilation of research conducted by global risk consultants and financial analysts
defining the major business risks facing the markets in both the short and long term.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.
And while innovative technologies including cloud computing, autonomous vehicles, and drones are set to see rapid growth in the coming years, the threat and scale
of cyberattacks are expected to grow along with them. In fact, WEF surveys list cyberattacks as the "second most concerning risk for doing business globally over
the next 10 years."
Operational technologies in particular represent an increased risk, as "cyberattacks could cause more traditional, kinetic impacts as technology is being extended
into the physical world, creating a cyber-physical system." This is clearly demonstrated by the recent malware attack targeting a NY airport and the currency
exchange giant, Travelex. In order to avoid mass travel disruptions over the holidays, Albany airport transferring an undisclosed sum to the hackers, while
Travelex was reduced to calculating exchange rates with pen and paper.
The authors of the WEF report highlighted the need to move to a security-by-design posture, which is unfortunately "still secondary to getting products quickly
out into the market." The reason why businesses have become so dependent on firewalls, intrusion detection systems, monitoring systems, and the like is because
developers write inherently insecure code. If, on the other hand, applications were designed with security as a central requirement, we could substitute (a)
"does it work?" and (b) "is it secure?", for (c) "does it work securely?". This is an entirely different mindset that involves security throughout all the stages
of software and systems development. Starting from the early stage feasibility analysis all the way to the retirement or disposal of the product, security has to
be considered along every step of the way.
2019 saw an epidemic of cyberattacks against critical infrastructure such as energy, healthcare, transportation, and even entire cities. Public agencies as well as
private industry are equally vulnerable to digital attacks. Attempts to detect and prosecute such incidents have proven extremely difficult, with an estimated
0.05% of attacks in the US resulting in a successful prosecution.
The proliferation of IoT devices adds an additional level of risk, with a projected 41 billion devices by 2025. Attacks on IoT devices have already increased
300% in 2019 and show no signs of slowing, as is evidenced by the recent Ring scandal. In total, the WEF estimates that cybercrime will reach $6 trillion of
damage in 2021 alone, equal to the world's third largest economy.
Particular attention was given to cloud computing, and for ample reason. To cite just one example, the Cloud Hopper attack, widely believed to be the work of the
Chinese government, infected at least a dozen cloud providers hosting sensitive data for multinationals like Philips, American Airlines, Deutsche Bank, Allianz,
and GlaxoSmithKline. "With increasingly more data hosted in the cloud, companies are amassing personal information like never before, which could ultimately
create potential new data privacy and security risks." Increasingly, then, companies can no longer rest with securing their own systems, but must ensure that
their partners (and partners' partners) are equally protected as well.
The report goes on to list the specific economic and societal risks that are tied to cybercrime, but the implications are clear. Cybercrime is a real and present
danger that is here to stay. The only question is, how will you prepare for it?