“In a hyperconnected world, attack surfaces and interdependencies will grow astonishingly quickly,” warns Steve Durbin, Managing Director of the Information Security Forum.
For the first time ever, the top five most likely global risks enumerated in the annual Global Risks Report from the World Economic Forum (PDF) are all environmental: extreme weather, climate action failure, natural disasters, biodiversity loss, and human-made environmental disasters. In terms of impact, the top five risks are climate action failure, weapons of mass destruction, biodiversity loss, extreme weather, and water crisis.
The likelihood of data fraud or theft has dropped from fourth to sixth while the likelihood of cyberattacks has dropped from fifth to seventh over last year’s annual survey. This realignment has more to do with increasing environmental threats than decreasing cyber threats. Underpinning both sets of threat is growing global nationalism and increasing geopolitical tensions that make global action on climate less likely while increasing the threat of nation-based cyberattacks.
The same background is threatening the global economic outlook. Nationalism, which weakens global trade, could lead to a fragmented internet. Economic stagnation could increase the likelihood of youngsters turning to cybercrime to ‘earn’ a living.
The report highlights the irony of the unfolding Fourth Industrial Revolution (AKA 4IR or Industry 4.0) — it provides great potential for economic and societal improvements, but brings with it counterbalancing increased cyber risk. These risks focus on the lack of security by design as manufacturers rush to be the first in the market, and the absence of global security governance.
The need for security by design is well understood. “Today, we are able to discover, assess, quantify and fix many of the issues that lead to cybersecurity risk in today’s world,” comments Alex Peay, SVP of product at intelligent automation software firm SaltStack, “but we too often make it an afterthought. If we focus on security and design and build to a secure standard, we can ensure that our innovations not only drive growth but foster security. For the first time many of the detriments of the coming Industrial Revolution are widely understood. If we are responsible and pragmatic about the adoption of security by design principles, we can avoid many of the pitfalls.”
This is not an optimistic report from the World Economic Forum. Heightening geopolitical tensions feed other issues, especially technological issues, that in turn make improving geopolitics more difficult. The danger is a downward spiral that will throw individual companies back on their own resources rather than international cooperative resources. For now, we seem to be heading for the worst of all possible worlds: connected by technology but separated by politics.
“Cyber resilience has to be the way forward — know your data, quantify risk through a scenario-driven approach, adopt an organization-wide strategy towards cybersecurity management.” Says Steve Durbin, “In addition, organizations should rethink crisis management, disaster recovery and business continuity plans, conducting full risk assessments on all external assets and services in order to plan effective responses with business leaders and to maintain a current, business-supported risk response readiness.”