The focus today needs to be less on cybersecurity and more on cyber resilience. In order to prevent some form of cyber pandemic, businesses are actively developing a global response to the risks around cybersecurity.
Up to date issues concerning cybersecurity
Since the beginning of the Covid-19 pandemic the use of digital tools in business and the home has increased exponentially. This increase in digitalization has led to many more instances of very costly and harmful cyber incidents, making it even more risky than playing Juicy Stakes poker.
The Global Cybersecurity Outlook 2022, put out by the World Economic Forum, presents findings gathered from over 120 cyber leaders from around the globe on ways to move from cybersecurity to cyber resilience.
The whole area of digitalization has grown enormously since the beginning of the pandemic, such that the use of video conferencing globally has risen tenfold. With the growth of digital tools comes the increase in data that is created. It is estimated by the World Bank that in 2022 the total annual internet traffic will grow by approximately 50% as compared to 2020 levels. That means it will reach 4.8 zettabytes. Incredibly if it were possible to store 4.8 zettabytes on DVDs, it would mean that your DVD collection would be able to circle the globe six times.
The other thing that the pandemic has highlighted is the extent to which all businesses are interconnected and how this enhanced global digitalization has propelled all of us onto a new path littered with cyber threats and attacks. During 2021 there were some serious infrastructure breaches. We saw how one company’s cybersecurity can have a knock-on effect on other businesses, creating problems for direct customers right the way through to the consumer.
It is in light of these continuing cyber challenges that the World Economic Forum’s Centre for Cybersecurity has put together the Global Cybersecurity Outlook 2022. As mentioned previously, this report sets out very clear critical findings gathered from global cyber leaders. The focus was on how they perceived the current situation, their concerns and their predictions.
Looking at the issues concerning cyber resilience
The report, Global Cybersecurity Outlook 2022 brings to light some of the important issues involved and perceptions about the current state of cyber resilience. It reports on three key gaps in the perception of security-focused executives, for example, someone who is the main information security officer and business executives. These gaps in perception become clear in the following three areas:
The priority should be given to cyber in business decisions. The majority, 92%, of business executives that were in the survey concur that cyber resilience should be integrated into strategies for risk management. But only 55% of the security-focused executives that were in the survey went along with this statement.
Getting Leadership to embrace cybersecurity. Many of those surveyed, 84%, said that cyber resilience is right up there as a business priority in their company and has the support and direction of those in leadership positions. However, 68% said that they felt cyber resilience was a big part of their total risk management. Because of this misconfiguration, a lot of security leaders state that they are in fact not consulted in business decisions. This can lead to problems in identifying and mitigating security risks and be the cause of decision being less secure. In many organizations, cybersecurity is still an afterthought.
Finding and keeping cybersecurity talent. 59% of those surveyed said that it would be challenging for them to deal with a cybersecurity issue because of the lack of skills in their teams. Even though most of those surveyed said that finding talented people and keeping them was a big challenge, business executives seemed much less aware of the gaps, than were their security-focused colleagues. These security-focused members of the team see that having adequate personnel is crucial and affects their ability to deal with an attack.
The research also looks at the continuing growth and real threat from ransomware. These attacks from ransomware are a real worry for cyber leaders. Over 50% of respondents said that when it comes to cyber threats ransomware was one of their main concerns. Also, it was felt by 80% of respondents that the threat of ransomware was growing and was a danger to public safety saying that these attacks were increasing and becoming more sophisticated. They are followed by social engineering assaults and are also a big concern for cyber leaders.
Malicious activity from insiders. These malicious insiders are current employees or former employees of an organization. They might be contractors or even trusted business partners who make use of their authorized access to the company’s assets and negatively impact the organization.
Notwithstanding the fact that there are lots of things that impact cybersecurity policy making, the majority of those surveyed, 81%, felt that it was digital transformation was the key to enhancing cyber resilience. 87% of executives are looking to enhance cyber resilience by bolstering resilience policies which should include processes and standards that educate on engaging and managing third parties.
Cyber resilience and small and medium-size businesses
A critical threat to supply chains, partner networks and systems is seen to be coming from the cyber resilience of small and medium businesses (SMBs). This was a major concern of 88% of respondents who were worried about the cyber resilience of the ecosystem of SMBs. Another issue raised by 48% of respondents was the belief that automation and machine learning will create a huge transformation in cybersecurity within the next couple of years. It is believed that these developments in technology will exacerbate the current imbalance which exists between attackers and defenders.
It is unlikely that cyberattacks will end in the foreseeable future as no solution has been found which covers every issue in cybersecurity. However, there are some important steps that cyber leaders can take in order to prepare themselves and their companies for such attacks. Cybersecurity is not an isolated technology but must be seen as a priority of the systems spanning technology together with its people and processes. The continuing move from cybersecurity to cyber resilience is the way forward to a brighter and more secure future.
Digitalization has proved to be a wonderful pathway enabling engagement and connectivity when the world was shut down. There are huge benefits but there are also threats. It is crucial that leaders and their teams become more adept at incorporating cybersecurity and get rid of the idea that they are working in isolation, from within and from other companies, and enhance cyber resilience.