Infrastructure cyberattacks pose a clear and present danger in 2020 and beyond: WEF

Impact of cybersecurity attacks, data theft eclipsed only by climate change, weather

cyber attack
Thinkstock

Ongoing threats of cybersecurity attacks against critical infrastructure remain one of the most potentially impactful threats facing the world this year, according to new World Economic Forum (WEF) research that warns governance fragmentation could threaten the realisation of next-generation technologies.

Fully 76.1 percent of respondents to the WEF’s Global Risk Report 2020 agreed that the risk of cyberattacks against infrastructure would increase this year – slightly ahead of cyberattacks that steal money or data, cited by 75.0 percent of respondents.

That result made cyber issues and “cybersecurity blind spots” nearly as risky as destruction of natural ecosystems, extreme heat waves, political polarisation, and economic confrontations – all national or global issues that policymakers have struggled to contain.

Cyberattacks on critical infrastructure “have become the new normal” in sectors including energy, healthcare, and transportation, the report noted, with cybercrime-as-a-service increasing the ease of attacks and the spread of Internet of Things (IoT) technologies “amplifying the potential cyberattack surface”.

The WEF’s concern “resonates with my own concerns that a serious cyberattack against critical infrastructure is imminent,” Tenable co-founder and CTO Renaud Deraison said, noting that disruption of operations and infrastructure is likely to increase this year.

“The prospect of attackers turning the lights off, manipulating the water supply or bringing cities to a crashing halt may seem unrealistic,” he explained, pointing out the deep interdependence between technological advancement and increasing automation of modern factories.

Where innovation goes, cybercriminals follow: “We’ve seen evidence of threat actors testing their capabilities in all corners of the globe,” Deraison said. “Innovation can’t happen without a good grasp of the security and integrity of the digital components.”

Such blockers could exacerbate the challenges faced as global governments work to counter the existential threat of climate change and other natural events.

Cyber attacks and data theft ranked just behind failure of weather and climate-related disasters in terms of their likelihood over the coming decade, with the breakdown of information infrastructure flagged as the sixth most impactful issue – on par with natural disasters and just behind water crises – over the same period.

The figures lend yet more weight to concerns voiced in analyses by the likes of the Institute for Critical Infrastructure Technology, which joined Forescout for a recent evaluation of infrastructure cybersecurity threats and concluded that ‘disruptionware’ such as ransomware would continue to post imminent risks to critical infrastructure.

“Disruptionware campaigns are expected to increase in success, as they are evolving faster than organisations with OT networks are successfully defending themselves,” that report’s authors said, warning that disruptionware “is about suspending operations, disrupting continuity, and crippling a business’s ability to engage in operations, gather resources, and disseminate deliverables.”

Managing the new risks of digital technologies represented a significant and ongoing challenge for a global society that still hasn’t perfected the process of keeping ahead of technological developments.

“While digital technology is bringing tremendous economic and societal benefits to much of the global population, issues such as unequal access to the internet, the lack of a global technology governance framework and cyber insecurity all pose significant risk,” the WEF report’s authors note, adding that “stakeholders must find ways to act quickly and with purpose within an unsettled global landscape.”

Related:

Copyright © 2020 IDG Communications, Inc.

What is security's role in digital transformation?