Cyber security: This giant blind spot will cost us dear
The World Economic Forum’s Global Risk Report 2019 can make for some pretty depressing reading.
“At this time of year, when you’re all wondering if there can be any sunlight in this dark and dreary world. We’re here to tell you that the answer is probably no,” said Adrian Monck, head of public engagement for the WEF, injecting at least a little bit of humour to offset the grimness of the report he was introducing at the launch event in London.
Extreme weather, global warming and climate change, natural and manmade disasters – including the catastrophic impact of weapons of mass destruction – all feature in this year’s annual rundown of the issues facing the world today.
But it isn’t just environmental and geopolitical issues which feature – technology is also a major focus of the Risk’s Report, with cyber attacks and data breaches much discussed in the 2019 edition, following the inclusion of both in the 2018. It’s the first time cyber attacks and data breaches have featured in the top five global risks in terms of likelihood for two years running.
This might not be a surprise given how common large-scale cyber attacks and data breaches have become in recent years. The WannaCry ransomware and NotPetya outbreaks of 2017 showed how easily a cyber attack can cause disruption around the world and 2018 continued to see a string of data breaches.
But despite all of these high profile incidents, the report warns that governments and organisations aren’t paying enough attention to how technology can be abused for malicious intent and disruption.
“The blind spot risk that needs more attention is technology,” said Borge Brende, president of the World Economic Forum.
“That might seem a strange thing to say given how much attention technology receives, but it’s hard to overstate how reliant we are on technology or how rapidly technologies are evolving. Our networked societies are very vulnerable and cyber attacks are very important part of this”.
The report puts a heavy focus in particular on connected critical infrastructure, noting how nation-state backed hackers were able to gain access to the control rooms of US utility companies in a series of incidents that came to light in July last year.
It’s an extreme example, but it puts the focus on how technology is so vital for societies to function in the 21st century and how everything is so very interconnected . Even the most mundane items and objects can be connected to the Internet of Things, and in many case, they’re providing an additional means of hackers gaining entry to a network.
But despite warnings from the likes of the World Economic Forum, despite warnings from authorities ranging from the FBI, to Europol, to the UK’s National Cyber Security Centre, Brende is right: there’s still a massive blind spot when it comes to facing the risks posed by the rapid rise of interconnected technology and the potential damage that could be done by disruption caused by a cyber attack.
This doesn’t necessarily need to be critical infrastructure being knocked offline – data breaches can cause huge amounts of disruption. Hundreds of millions of people – if not billions – have had their personal data exposed in one way or another, and plenty of businesses have suffered economic and reputational damage after being victims of an attack.
But it keeps happening. Every government and business is aware the risks out there, but holes are repeatedly left in their infrastructure. With so many organisations seemingly playing fast and loose with cyber security – taking shortcuts, or outright not investing in securing their network – it’s no wonder that cyber attacks are so heavily featured in the WEF report.
But while the world continues to have a blind spot on the issue of interconnected technology and cyber attacks, nefarious groups – be they cyber criminal or state-sponsored – will continue to take advantage of it for their own ends, causing vast swathes damage in the process.
When it comes to the Global Risks Report for 2020, I’m pretty sure cyber attacks will still be up there as a major global risk, with the blind spot still right there, despite the damage and disruption visible to all.
READ MORE ON CYBER SECURITY