By J Connolly
The World Economic Forum’s Global Risks Report 2018 released this January warns of the increasing likelihood of cyber attacks and their growing potential to disrupt the world economy.
The yearly report, designed to map the global risk landscape, sees cyber attacks as the third most likely global risk to take place after natural disasters and extreme weather events. More shockingly, the report predicts that potential cyber attacks could have the sixth largest impact of all global risks, beaten only by threats such as nuclear war and climate change.
The report cites the increasing number of attacks on businesses last year and the rising financial implications of hacks and breaches as key evidence for the escalation of cyber threats. The cost of cybercrime for businesses is expected to reach $8 trillion over the next five years.
WannaCry features predominantly in the report as a foreshadowing of future threats. The malware highlighted how cyber attacks could quickly dismantle critical infrastructure when it affected 300,000 computers in 2017 and ground NHS operations to a halt. The WEF acknowledges that the most recent attacks on infrastructure have not succeeded, but a succession of near misses have convinced the report’s authors that our increased dependency on information systems means future impacts are a tangible threat.
The cyber security of Critical National Infrastructure and industrial control systems (ICS) have been subject to growing scrutiny in the information security world after high profile attacks on power grids in Ukraine and more recently, the Trisis malware attack on Middle Eastern oil and gas facilities. Speakers at our own Enterprise Security and Risk Management conference will be exploring the security of ICS in April. Though not common, and currently limited to nation state attackers, the potential for these attacks to cause widespread disruption and damage have brought them to global attention and created new demands to patch and protect systems which were designed for the pre-internet age.
While the risks and impacts listed in the report will be familiar to those who work in security, it is incredibly heartening to see that information security risks are being taken so seriously outside of the usual technology sphere. Enterprises have already begun to acknowledge the growing cyber threat with the elevation of the Chief Information Security Officers to the board level. Meanwhile legislative changes such as the NIS directive and GDPR have also led the way in forcing unwilling enterprises to take information security seriously.
Solutions for the growing cyber threat are hard to prescribe, but franks acknowledgment of the risks global enterprises face are a positive step towards tackling the cyber security challenges of the future.
Whitehall Media have two information security and cyber conferences coming up: Enterprise Security & Risk Management on 19 April and Enterprise Cyber Security on 10 May. More information about the events can be found here: