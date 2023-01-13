International
The WEF Global Risk Report 2023 puts cyber security on the agenda
A lot has happened in the 12 months since the previous World Economic Forum (WEF) “Global Risk Report”. Russia invaded Ukraine. The consequent impact on food and energy supplies has led to a cost of living crisis being experienced by many. Extreme weather events have become a reality for more and more people. This rapid change is the background of the report.
The 2023 report points out that there is no single dominant crisis facing the world and there are, and will continue to be, ongoing crises that organizations, governments and countries must navigate. Attacks on critical national infrastructure (CNI), widespread cyber crime and cyber insecurity are highlighted as major risks over the next 10 years at the WEF.Global Risk Report 2023”, published on January 11.
In terms of the current crises identified in the WEF report, cyberattacks emerging or present today on critical infrastructure are the only technological risk that appears on the table. CNI attacks are in high demand by malicious threats, as they can result in high-profile trust failures, potential dirt for ransomware, and can even lead to civil unrest.
The report comments: “In addition to the rise in cybercrime, attempts to disrupt technology-enabled critical resources and services will become more common, with predicted attacks against agriculture and water, financial systems, public safety, transportation, energy and the home, space-based and underwater communications infrastructure”.
Examples of such attacks today include the UK’s Royal Mail, which is currently dealing with a “cyber incident” that has resulted in the organization asking people to stop sending mail and parcels abroad. The NOTAM (Notice to Air Missions) system outage that halted U.S. flights on Jan. 11 is being investigated as a possible “malicious cyber incident,” though that’s only one aspect of an investigation into the outage ordered by President Biden. . Attacks on healthcare facilities, water supplies, fuel pipelines and more serve as a reminder of what the “C” in CNI stands for if something is defined as critical, it needs strong cybersecurity protections and resilience to ‘kept people and societies safe and functioning. as it will always be a target for cyber attacks.
Listed risks
There’s a lot to read in the 98-page WEF report. Although there are seven risks that appear in both the two- and 10-year perspectives ahead of pervasive cybercrime and cyberinsecurity, this is the top technology risk, ranking 8th in both of these perspectives.
Indeed, there is little reference to cybercrime specifically in the report beyond the definition of “pervasive cybercrime and cyberinsecurity,” which is described as “increasingly sophisticated cyberespionage or cybercrime. It includes, but is not limited to: loss of privacy, data fraud or theft, and cyber espionage.”
Cybercrime is a daily reality today. As just one example, ransomware continues to be a scourge on society and organizations, but the opportunities and potential returns are so great that it is here to stay. Phishing, defacing websites, and identity theft are just a few more examples of cybercrime that will continue. Omdia’s security breach tracker has consistently shown that data exposure is the leading outcome of security breaches, accounting for around two-thirds of breaches in the first half of 2022.
This approximate number of two-thirds has been consistent since 2019. The tracker also analyzes the share of breaches by industry or vertical, and healthcare was the largest sector affected by security breaches in the first half of 2022, the followed by the government sector. The healthcare and government sectors have shared “highlights” over the same three-year period as the data exposure. It’s fair to say that data is poorly protected today and that government and healthcare are big targets for data because of the type of information they hold.
Cybersecurity is useful terminology when we know that many organizations do not have adequate cyber security capabilities. Omdia’s IT Enterprise Insights 2022-23 found that 27% of organizations describe themselves as “well advanced” in security, identity and privacy management, and a further 34% as “advanced”, leaving 39% of organizations with a fundamentally inadequate approach.
