According to the World Economic Forum’s 2016 Global Risks Report, cyber-security is recognised as one of the greatest threats to business worldwide, and the global cost of crimes in cyberspace is estimated to be $445bn. By 2021, cybercrime damage is estimated to hit $6 trillion annually. To put that in perspective, that’s almost 10 percent of the world economy.
The 2019 report went on to say ,”There were further massive data breaches in 2018, new hardware weaknesses were revealed, and research pointed to the potential uses of artificial intelligence to engineer more potent cyberattacks. ” Last year also provided further evidence that cyber-attacks pose risks to critical infrastructure, prompting countries to strengthen their screening of cross-border partnerships on national security grounds.
The explosion of global connectivity, the increase in the number of internet-connected devices, and the large number
of unregulated social media channels generating untrusted content have given cyber criminals many opportunities
to exploit organizations.
Speaking at the RSA Conference in San Francisco in April 2018, Secretary Nielsen said: “Cybersecurity used to be a problem reserved for the IT department. It was something out there that someone else handled. It was not my problem. Now it is a real-life, daily concern for parents, teenagers, teachers, small business owners, and beyond. Every facet of our society is now being targeted and at every level: individuals… industries… infrastructure… institutions… and our international interests.” Simply put, it is now everyone’s problem. And it is affecting our lives, our livelihoods, and our way of life.
Cyberspace has no national boundaries, has the potential for strong asymmetry and provides global reach for nation states, organised groups or individuals to mount an attack or use cyberspace for malicious purposes. Therefore cyber security agencies are making strategy for international collaboration with their allies and partners to fight cyber crimes.
The critical capabilities for cyberspace are threat assessment, intelligence, situational awareness, information assurance, and planning. The cyber security agencies are working to coordinate the disclosure of newly-discovered vulnerabilities so that developers can correct problems before adversaries exploit them.
In 2019, FBI report has warned that “health care organizations, industrial companies, and the transportation sector,” are also being targeted. Although the attack methodologies continue to evolve, with cyber-criminals doing all they can to avoid detection, the FBI highlights three attack techniques that are being observed: email phishing campaigns, remote desktop protocol vulnerabilities and software vulnerabilities. Mitigation includes ensuring operating systems, software and device firmware are all updated with the latest security patches. Data should also be backed up regularly, and the integrity of these backups verified.
In 2016, The FBI’s Internet Crime Complaint Center (IC3) posted a warning about ransomware. Then it was urging victims to report ransomware incidents to federal law enforcement to help paint a detailed picture of the threat. The threat landscape revealed has been a constantly changing one. The frequency of attacks has remained relatively consistent, but the nature of them has not. The FBI reports that the incidence of indiscriminate ransomware campaigns, such as evidenced by WannaCry on May 2017, has “sharply declined.” However, losses from ransomware have increased significantly as the attacks become “more targeted, sophisticated and costly.”
The FBI public service announcement also makes clear the stance of the Bureau when it comes to ransom payments: don’t. While the FBI sees the need for organizations to evaluate all options to protect the business from continued disruption and financial loss, it warns that “paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals.”
A worldwide cyberattack could cost global economic losses of almost $200bn as organisations across sectors are still unprepared to face the consequences of a malicious global cyber campaign. The report by the Cyber Risk Management (CyRiM) project — a collaborative partnership including Lloyd’s of London, the Cambridge Centre for Risk Studies, the Nanyang Technological University in Singapore, and others — uses a theoretical catastrophic ransomware attack to model the broader impact.
IDST Monthly Access Membership Required
You must be a IDST Monthly Access member to access this content.