What is the impact and likelihood of global risks?

[Free CISSP Exam Study Guide] Get expert advice that will help you pass the CISSP exam: sample questions, summaries of all 8 CISSP domains and more!

The World Economic Forum, a not-for-profit foundation that each year gathers participants from around the world to discuss a wide range of global issues, has published its yearly Global Risks Report.

Based on the opinions of almost 1,000 global experts and decision-makers, the top 5 global risks in 2018 in terms of likelihood are extreme weather events, natural disasters, cyber attacks, data fraud or theft, and failure of climate-change mitigation and adaptation.

global risks

Cyber attacks and data fraud or theft failed to enter the list of top 5 global risks in 2018 in terms of impact (environmental risks mostly took those spots), but cyber threats are growing in prominence, while rising cyber-dependency is ranked as the second most significant driver shaping the global risks landscape over the next 10 years.

Dependency on technology

According to John Drzik, President of Marsh Global Risk and Digital, geopolitical friction is contributing to a surge in the scale and sophistication of cyber attacks, and at the same time, cyber exposure is growing as firms are becoming more dependent on technology.

“While cyber risk management is improving, business and government need to invest far more in resilience efforts if we are to prevent the same bulging ‘protection’ gap between economic and insured losses that we see for natural catastrophes,” he opined.

Joseph Carson, Chief Security Scientist at Thycotic, pointed out that many industries are going through what is deemed as the fourth industrial revolution and are shifting to advanced technologies. Unfortunately, these technology advancements also bring major concerns concerning cyber dependency, cyber risks, and threats.

“Cyber-attacks are increasing and have become a global concern as many systems and devices that run critical infrastructure and decision making are now connected through the worldwide web. Public and private companies have become more vulnerable to cyber-attacks as established IT security controls are now failing to protect the current systems. As a result, cyber-attacks have been deemed one of the greatest threat and concern to eight global economies – the USA, Germany, Estonia, Japan, Holland, Switzerland, Singapore, and Malaysia,” he noted.

“This means that it is highly important that cyber-attacks become an urgent boardroom debate; they are no longer an IT problem, but a whole company problem and everyone is now responsible for cybersecurity. Cyber risks put the regulatory frameworks under pressure as they to adapt to these new high-frequency and high-risk economic threats.”

For respondents from North America and East Asia and the Pacific, cyber attacks top the list of global risks of greatest concern for doing business. For Europeans, they occupy the fifth place.

This makes sense: countries in those regions are among the most technologically developed as well as the richest in the world. The former makes them very dependent on modern technologies and susceptible to destructive attacks, and the latter makes them the preferred target of cyber crooks and state-sponsored attackers.

For the rest of the world, fiscal crises, failure of critical infrastructure and energy price shock are still viewed as greater risks for doing business.

The impact of cyber attacks

The impact the WannaCry and NotPetya ransomware had on organizations in a variety of sectors, and the speed with which they “went around the world” shows how easily and quickly cyber attackers can sow destruction and cause major losses.

“From governmental systems, through to hospitals and even military institutions (the very fabric of which keeps a society stable, protected and functioning), these could all be targeted by a wave hackers intent on causing havoc and chaos – often for no monetary reward,” says Rob Wilkinson, Corporate Security Specialist at Smoothwall.

“The cost of a global cyber hack is thought to be £92bn, but what would happen in a worldwide super attack whereby the majority of the world’s fundamental defense, healthcare, and other systems were so badly affected as to be unusable and obsolete?” he asks.

“No matter the industry, each organization or body needs to review its internal security systems promptly to ensure they have a layered security defense spanning encryption, firewalls, web filtering and ongoing threat monitoring as well as a proactive stance against threat actors. Where a cyber attack could cost as much or more than a natural disaster to fix, protecting the country’s basic infrastructure in the face of cybercriminals is surely a priority. We can ill afford an even bigger WannaCry and NotPetya.”

“Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more and more commonplace,” the World Economic Forum pointed out.

“The financial impact of cybersecurity breaches is rising, and some of the largest costs in 2017 related to ransomware attacks. Another growing trend is the use of cyber attacks to target critical infrastructure and strategic industrial sectors, raising fears that, in a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning.”

Proposed solutions

Kirill Kasavchenko, Principal Security Technologist, EMEA, NETSCOUT Arbor, notes that collaboration and intelligence sharing should be at the core of the global response to reducing the risk of cyber attacks.

“Intelligence sharing can help organizations improve their detection and containment capabilities, so they can better prepare for an attack on their systems. To achieve maximum impact, it is critical that this involves intelligence agencies, cyber researchers, and businesses,” he says.

As things stand now, cybersecurity threats are outpacing the abilities and governments and companies to overcome them.

“We need to recognize cybersecurity as a public good and move beyond the polarizing rhetoric of the current security debate. Only through collective action can we hope to meet the global challenge of cybersecurity,” says Daniel Dobrygowski, Project Lead for Cyber Resilience at the World Economic Forum.

To that end, the WEF recently published a report that touches upon key issues and pros and cons of different policy positions on cybersecurity.

“In connecting norms and values to policy, the report encourages all actors to move past absolute and rigid positions towards more nuanced discussions aimed at solving key challenges and presents the implications of policy choices on five key values: security, privacy, economic value, accountability and fairness,” the Forum noted.

“It’s clear that rapid technological change is causing enormous shockwaves, and its disruptive impact on the world of business is already being seen: for instance, in the increasing risk and potency of cyber attacks. But there’s another side to the story – the human one – as technology begins to fundamentally change our lives, at home and at work,” Duncan Tait, EMEIA & Americas CEO at Fujitsu, also pointed out.

“As a business community, we must engage with the challenges, as well as the opportunities, that this presents. In fact, our research reveals that 84% of global business leaders are in favor of a coordinated global response to prepare for change, led by intergovernmental bodies and governments.”

Fujitsu’s Timeline 2030 report has examined the likely impact of technological change and suggests that the world is on the brink of a new digital paradigm.

“We are at a crossroads: we have the choice to take action now and use technology to take us on a path to prosperity, or otherwise face the consequences. In every major challenge that we face, we need to take a coordinated and considered approach to the role of technology,” Tait noted.

“In the short term, that means a laser focus on issues including data security and privacy, so that we can reap the benefits of resources like big data. Over the coming decades, timely and co-ordinated action across global governments, business, education, and society as a whole will ensure that we have the right leadership, skills and workforce to embrace change and prosper. We must ensure that as technology advances, it is to the benefit of everyone.”