Cybersecurity took center stage in the 16th edition of the World Economic Forum's Global Risks Report alongside the COVID-19 pandemic, climate change, and debt crises. Since 2004 the report has detailed the most critical risks facing the world and has highlighted cyberattacks and data breaches as far back as 2012.
But the latest report comes at a time when multiple cyberattacks every day are commonplace. Hospitals and schools now have to be prepared to respond to crippling ransomware attacks. The US government is struggling to root out Russian government hackers who managed to break their way into the State Department, the Justice Department, the Treasury, the Centers for Disease Control and Prevention, the Department of Homeland Security, and even nuclear labs associated with the Department of Energy.
Using data from the Center for Strategic and International Studies, the report said 156 "significant" cyberattacks have taken place in the US between 2006 and 2020, far outpacing any other country. The UK had the second most at 47, followed by India's 23, Germany's 21, and South Korea's 18 "significant" attacks.
"Business, government, and household cybersecurity infrastructure and/or measures are outstripped or rendered obsolete by increasingly sophisticated and frequent cyber crimes, resulting in economic disruption, financial loss, geopolitical tensions and/ or social instability," the Risk report said.
"Misinformation, cyberattacks, targeted strikes and resource grabs are on the rise. States and nonstate actors alike will likely engage in more dangerous cyberattacks, and these attacks will become more sophisticated."
SEE: Identity theft protection policy (TechRepublic Premium)
The digitalization of life that became popular over the last decade and eminently necessary since the onset of the pandemic has put the onus on regular people to protect themselves from an evolving landscape of cyberattacks that even experts struggle to understand.
"As social identities become more defined by online identities, users will be increasingly at risk of exposure to targeted political manipulation, invasion of privacy, cybercrime, financial loss, and psychological or physical harm," the report added.
The analysts behind the report called cybersecurity failure among the "highest likelihood risks" of the next 10 years and IT infrastructure breakdown "among the highest impact risks of the next decade."
In a survey of experts included in the report, 39% of respondents said cybersecurity failure was a critical threat to the world right now and ranked as the most pertinent risk on the list after infectious disease, extreme weather events, and livelihood crises.
Nearly 50% said it would be a concern for the next three to five years.
The report suggests that in order to make the transition to a fully digital world more smooth, multiple things need to be changed, including "insisting on security and privacy by design in the development of new technologies and digital services."
Hitesh Sheth, president and CEO at cybersecurity firm Vectra, said the only surprise in the World Economic Forum Global Risks Report is that cybersecurity failure wasn't ranked higher.
"Without secure, high-functioning IT, addressing all the other crises the report names, from climate to digital inequality, becomes much harder. For years our well-understood cyber vulnerabilities have been met with too much rhetoric, too little real action," Sheth said.
"I know the political challenge of marshaling consensus to avert an emergency that hasn't yet blown up in everyone's face. But the SolarWinds critical infrastructure attack was a probable harbinger of more to come. It's imperative that we dial up urgency on cybersecurity in the public and private sectors alike."
Other experts said the report should have tied cybersecurity to every other issue listed because of how much of the world functions through some combination of digitized tools.
Vulcan Cyber CEO Yaniv Bar-Dayan explained that there is a direct correlation between cybersecurity, digital inequality, IT infrastructure breakdowns, and terrorist attacks as well as weapons of mass destruction because the traditional definitions of both 'terrorism' and 'weapons' are becoming more related to cybersecurity in our digital world.
"Fortunately, we have more control over cybersecurity risks than we do over other threats like infectious diseases and extreme weather events. But the IT security industry must be much more diligent and proactive in improving the cyber hygiene of our digital infrastructure," Bar-Dayan noted.
"It isn't easy, but it is very possible to protect ourselves from the inevitable repercussions of at least one of these major threats on the global risk horizon."
Beyond the effects to nation-state tit-for-tats, cyberattacks have far more intimate effects on everyone as cybercrime has become an increasingly lucrative field.
The negative repercussions of cybercrime affect nearly every business, government, and consumer operating in our current digital world, said Trevor Morgan, a data security specialist at the firm comforte AG.
"Businesses that suffer from cybersecurity failures face highly damaging regulatory scrutiny, legal fallout, and reputational harm. Even at the individual level, peoples' right to data privacy (which is becoming more and more accepted as a fundamental human right) can be violated either by personal decisions (how to use and propagate their own data, where to store it, and how to protect it) or by the decisions of organizations that have collected that personal data for a variety of purposes," Morgan said.
"In many ways, individuals often are at the mercy of organizations who process and store their data. In essence, everybody has a stake in making sure that the failings in cybersecurity are corrected at every level of society."
The report—and other cybersecurity experts—added that cyberattacks suffer from some of the misconceptions as pandemics. It's tough to galvanize change against something that isn't tangible, and humans focus mostly on things we can see in front of us.
"Perception deceives us unless we get ourselves caught up in the actual and tangible manifestations of a problem–global climate change is just one example of this. Many won't believe in it until they're surrounded by water," Chloé Messdaghi, chief strategist at Point3 Security, told TechRepublic.
"When working on an undergraduate degree some years ago, I asked a professor why we're not looking into cyber terrorism and was told that WMDs matter more. When I pointed out an attacker could get into guidance and control systems and launch an attack, the professor dismissed the concern, because his perception was limited to what he knew and could touch."
Messdaghi added that apathy has led the world to a system where most enterprises don't even realize they've been attacked until months or years later. Only now are organizations even considering plans for cyberattacks.
The shift in concern about cyberattacks is due in no small part to a historic 2020 that saw some of the biggest companies announce breaches or hacks. Prosecutors in Germany leveled some of the first murder charges at hackers over a ransomware attack that brought down a hospital in Duesseldorf.
"Cybercriminals show no remorse for their targets, with every business being a source of sensitive information that has the potential to be exploited. COVID accelerated the move to digital for all businesses and exposed new threats and vulnerabilities for cyber and financial crimes," said Jose Caldera, chief product officer at Acuant.
"Seeing cybersecurity failure ranked as a high clear and present danger is certainly justified. It is imperative that businesses are addressing the gaps and looking ahead to secure systems and data, not just for their own benefit, but to also address establishing and maintaining trust with consumers."
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)