In coping with the global pandemic that is COVID-19, organizations shouldn’t lose sight of protecting themselves against cybercrime
Global concerns over the current spread of the novel coronavirus COVID-19 and what will happen next with the outbreak are having a major impact on the global economy. The UN’s trade and development agency (UNCTAD) says the slowdown in the global economy caused by the coronavirus outbreak is likely to cost at least $1 trillion. Organizations are moving fast to minimize the risks to their employees and processes by pausing travel and implementing remote working options for staff.
But while making these preparations to limit the impact of COVID-19 on their operations, it’s critical that companies don’t lose sight of other significant—even existential—risks to their business, such as cyberattacks. According to the World Economic Forum (WEF) Global Risks Report 2020, cyberattacks will be one of the greatest risks to businesses over the next decade, outpacing terrorism, political conflict and destruction of natural ecosystems. With the revenues, profits and brand reputations of major firms on the line, critical infrastructure exposed and nation-states waging cyberwar, the stakes have never been higher.
This is because data is the fuel powering the digital economy. Cisco Systems’ VNI Forecast 2017-2022 predicts that by 2021, IP traffic will hit 3.3 zettabytes annually; in gigabytes, that’s roughly the same as all the movies ever made crossing the globe’s IP networks every minute. This reliance on data means zero tolerance for failure or outages. Service blackouts can have gargantuan consequences, eroding trust, dampening economic growth, exacerbating geopolitical rivalries and creating even greater inequalities in societies.
Cyberattacks Expected To Ramp Up in 2020
When asked to describe the ‘short-term risk outlook’ over the next 12 months, 76.1% of the respondents to the WEF’s survey report expected cyberattacks to increase in 2020 and named them as one of the top five global threats. The reason for this is simple: Cybercrime is highly lucrative. The notorious Darknet provides a place to do business. The ever-changing cybercrime-as-a-service model offers a huge range of options for the would-be attacker, ranging from distributed denial-of-service attacks and malware to massive pilfered data sets on demand. Today, participating in cybercrime is as easy as legal e-commerce.
To highlight just how widespread DDoS attacks are, a recent report showed that over 80% of organizations have been hit by a DDoS attack over the past two years, making cybercrime a true pandemic. The WEF assumes that taking down a single cloud provider could already generate between $50 billion and $120 billion in economic harm, comparable to the financial carnage resulting from Hurricane Sandy and Hurricane Katrina.
Digital Innovation Dangers
Furthermore, Industry 4.0 technologies are inherently vulnerable to a variety of cyberattacks, from data theft and ransomware to sabotage, each with potentially globally harmful outcomes. Operational technologies are at risk since cyberattacks could have significant knock-on effects as technologies such as production lines and logistics are extended into the physical realm to form cyber-physical systems.
The IoT introduces another vector, as it has the potential to amplify the cyberattack surface by an order of magnitude. There are an estimated 21 billion IoT devices worldwide, and various analysts predict that number will double by 2025. Not surprisingly, attacks on IoT devices grew by more than 300% in the first half of 2019, according to the WEF report. In September 2019, IoT devices were harnessed to take down Wikipedia through a DDoS attack, and this attack methodology will only increase. The WEF report also points out that by 2021, the cost of cybercrime could hit $6 trillion, equal to the current economic impact of COVID-19.
Impacts on Infrastructure
Cyberattacks on critical infrastructure—rated in 2020 as the WEF’s fifth top risk—are the new normal in sectors including energy, health care and transportation. Some attacks have affected entire cities. The public and private sectors alike vulnerable to being held hostage. Cybercrime-as-a-service is another popular business model since the growing sophistication of hacking tools for sale on the Darknet has made online crime cheaper and easily accessible to almost anyone.
The world’s reliance on digital technologies is changing the landscape of international and national security and bring three urgent questions to the fore: How do we protect critical infrastructure, uphold societal values and prevent the escalation of state-on-state conflicts? More and more, digital tools are playing a key role in asymmetric warfare, enabling smaller countries and non-state actors to attack far larger and better-funded states. Viruses, ransomware and DDoS attacks created by nation-states to serve as cyber weapons have been tweaked by bad actors after being released publicly, making the internet a venue for a rapidly evolving arms race.
Strengthening Cyber Defenses
So how should organizations boost their immunity again cyberattacks? Cybersecurity needs to be on the agenda of every person in an organization, from the C-Suite to engineers, with the role of the CISO represented in the boardroom. Beyond individual organizations, global leaders need to take action, and not just uttering platitudes at Davos. Today, every business decision has a cyber-implication. We need more collaborative approaches to tackling cyberthreats, whether these involve a coordinated effort between peers within an industry or public-private-partnerships that support information exchange between law enforcement, the legislative branch and the private sector. It’s time to come together on a worldwide scale and unite in the war against the cybercrime pandemic.