A WEF (World Economic Forum) report lists cyber crime alongside COVID-19, climate change and the debt crisis as the biggest threats facing society in the next decade.
Its 2021 Global Risks Report says cyber attacks pose a bigger immediate risk than terrorism, and are potentially catastrophic in both the short and long term.
For an idea of how severe the threat is, IT Governance recorded more than a thousand publicly disclosed security incidents in 2020, which resulted in more than 20 billion breached records.
To mitigate the threat, the WEF calls for the widespread adoption of privacy by design in new technologies and digital services, as well as stronger regulation of digital technologies.
Such measures are common in Europe, following the introduction of the GDPR (General Data Protection Regulation) and its UK equivalent, but data protection and data privacy laws leave a lot to be desired elsewhere in the world.
This is particularly true in the US, which relies on a patchwork of federal laws that only begin to scratch the surface of effective information security and privacy.
We may see improvements, especially if other states follow California, which introduced the CCPA (California Consumer Privacy Act) last year and will be expanding upon it in 2023 with the CPRA (California Privacy Rights Act).
But even with stricter regulation, it will still take a monumental effort from organisations to slow the increasingly rampant cyber crime industry.
Political attacks
Private businesses bear the brunt of cyber attacks, but the damage pales in comparison to incidents targeting governments, political parties and critical infrastructure.
In those cases, the threat of individuals being exposed to fraud is greater than that of an organisation going out of business.
The most notable example was the state-sponsored attacks during the 2016 US presidential election, with multiple intelligence reports concluding that Russian actors targeted the Democratic National Convention and Hillary Clinton’s campaign manager, John Podesta, to swing the election in favour of Donald Trump.
That was just the tip of the iceberg. The WEF found there have been more than 400 “significant” cyber attacks since 2016 – with 47 of them targeting the UK.
We’ve seen governments, technology providers, hospitals and even COVID-19 researchers come under attack, with the long-term effects rippling through society in the same way as a terrorist attack or a global pandemic.
Practically every part of our lives is now technologically mediated – particularly during the pandemic – with cyber security at the forefront of our minds on a daily basis.
If organisations don’t act now, they will suffer the consequences. A best-case scenario involves you being set back years as customers flee to your rivals, whereas a catastrophic attack could see your business shutter altogether.
Tackling the threat will take resources, which is a big ask given the existing challenges posed by the pandemic, but the cost of cyber security defences will be less than the cost of recovery following an attack.
IT Governance offers a range of solutions to help you get started.
We recommend beginning with our free green paper: Cyber Security and ISO 27001 – Addressing the cyber threat landscape.
You’ll learn how organisations are using the international standard for information security management, ISO 27001, to protect their critical information assets and enhance their reputation with customers and suppliers.