As the World Economic Forum’s 2023 Annual Meeting closed in Davos, Switzerland, it closed with one of the leading voices: a disturbing prediction. Presenting in 2023 Global cybersecurity outlook In a report, Forum Managing Director Jeremy Jurgens revealed that 93% of those surveyed believe a “catastrophic” cybersecurity event is likely to occur in the next two years. .
By 2025, cybercrime is expected to cost the global economy about $10.5 trillion annually, up from $3 trillion in 2015. Cyber Security VenturesTo put it in context, if it were a country, cybercrime would have the third largest GDP after the US and China. The main drivers of this growth are the ongoing digitalization of society, behavioral changes due to her Covid-19 pandemic worldwide, political instability such as the war in Ukraine, and the global recession.
Of particular concern, according to the WEF report, is the increasingly unpredictable nature of cybercrime. This is due to the increasing complexity of technology, especially breakthrough technologies such as artificial intelligence. This means that we are increasingly at risk of what are called “catastrophic” cyberattacks. This is an attack with serious and lasting impacts across society.
What are the critical cyber threats of 2023?
According to the WEF report, one of the biggest threats is the ‘mutation’ threat. This can take the form of an AI-enabled virus that transforms as it infects various systems and organizations to evade defense systems and detection.Albanian Prime Minister Eddi Rama under attack says what he learned after taking down critical infrastructure in 2022:
“It’s about a virus that can not only interfere with the way we live, but can also control and deviate from it. So systems such as the air transportation system can be used to attack us. Imagine if there was a cyberattack on the air transportation system and the huge number of flying planes turned into bombs.
“What we have learned is that this is quite naive … Any country can tackle this on its own.”
Another example of a truly devastating cyberattack is the infrastructure hacking After the 2014 Crimea invasion, 230,000 households in Ukraine lost power. Ahead of the 2022 invasion, he detected 288,000 cyberattack attempts against Ukrainian corporate and government infrastructure.
At the same time, however, much of the projected $10 trillion in economic losses could be caused by small-scale attacks aimed at stealing or extorting money from businesses and individuals.
In a WEF presentation, Interpol Secretary General Jurgen Stock spoke about his organization’s 2022 operation against cybercriminal groups in West Africa. black ax That led to the recent arrest of 70 people. Such groups consist of professional hackers, scammers, crooks and money launderers who are increasingly adept at credit card fraud, extortion, identity theft and ransomware attacks.
One of the most common threats (probably targeted by everyone reading this) is phishing attacks. These typically involve sending emails that attempt to trick unwary recipients into disclosing personal information. Details are either stolen from the victim or used to commit identity theft. Probably used to apply for a loan or credit in the victim’s name. Once an attacker gains control of the victim’s girlfriend’s identity, it can be used to deceive friends and family by claiming, for example, that the victim is in trouble and in dire need of money. There is a possibility that
Such phishing attacks rely on social engineering, but there are also purely technology-based attacks, such as malware. This involves installing malicious software on the targeted system in order to allow the attacker to control the system or access data on it.
Ransomware is a specific type of malware that usually encrypts information on the targeted computer and blackmails the victim into paying for the decryption.
One of the reasons why all these attacks are becoming more common is that cybercrime itself is now commoditized, Stock warned during the presentation. Anyone can log on to a site in the farthest corner of the Internet and acquire software and hacking skills “as a service” just like they purchase any other software or IT service.
what can we do
Accenture CEO Julie Sweet has outlined three key steps that all organizations, including governments, should take to build cyber resilience.
First, what she called “securing the core” is that security and resilience are built into every aspect of an organization, rather than just being limited to performing checks on incoming email. This equates to the strategy we often talk about. Make sure cybersecurity is on the agenda from the boardroom to the manufacturing floor, rather than just being discussed within the IT department, as has traditionally been the case in many companies.
Second, organizations must address the skills shortage within the cybersecurity domain. One way to approach this is to use automation wherever possible, freeing up experts to focus on human challenges. Whether it’s raising awareness about the dangers of phishing, the importance of good password practices, or understanding the changing behaviors attackers are using. near future. For most organizations, this can include investing in training.
Third, Sweet says leaders need to understand that “cyber resilience equals business resilience.” At her own company, the number of cyberthreats detected is a key metric featured in monthly business reviews. “This is a tangible change we made to make it clear that cyber is the same as financial performance. Think there is.”
Following these steps is certainly a good start for businesses that want to ensure they maintain their best chances against today’s threats and those that may arise in the future.As explained in the WEF report Moreover, it is difficult to predict the exact danger of a “catastrophic” attack. But in reality, with so much of our business and personal life taking place online, the potential is virtually limitless. It is worth remembering that we can prevent it by encouraging others with whom we work or are in contact to do the same.