The Davos debrief – combatting global security risks
27 February 2019
Here, Nick Boughton digital lead at Boulting Technology, outlines the findings of The World Economic Forum’s (WEF) 2019 Global Risk Report and how manufacturers can enhance their cybersecurity strategy.
As more organisations than ever are conducting business online, a report by Gartner forecasts global spending on information security to reach 124 billion dollars by the end of 2019. In spite of this surge in spending, researchers estimate that the cost of cybercrime has quadrupled since 2015, and will amount to over 16 times more spending than security measures over the next four years.
“Is the world sleep walking into a crisis?” That is the question Børge Brende, president of the World Economic Forum (WEF), poses in this year’s report. In January 2019, amongst the snow-caped mountains of Davos, Switzerland, WEF assembled once again for its annual meeting to discuss the biggest risks our world currently faces. Top of the agenda was cybersecurity, and how businesses can continue to grow their ever-expanding digital footprint, while mitigating the risks of attack.
Published against a backdrop of growing global tensions, of both the political and economic variety, the report uses data from private insurers, government publications and academic studies to rank the most catastrophic potential risks that jeopardise today’s society. Ranking fourth and fifth, cyber-attacks and data breaches are amongst the most serious.
It is the second year in a row that these threats have been present in the top five concerns and are considered some of the most critical man-made risks, short of failure to improve climate change. With cybersecurity at the forefront of many minds, what can be done to ease concern?
Unexpected consequences
The explosive growth of connected devices, both in homes and in businesses, brings with it the chance of unexpected consequences. Take the disruption caused by the Heathrow drone sightings for example. Although evidence of any insidious agenda is yet to come to light, it was the unknown potential damage of the drone that brought the UK’s busiest airport to a grinding halt.
While technology is significantly contributing to global growth and prosperity, are we prepared to act in the event that things take a darker turn? Despite being the creators of innovation, we are also living in a realm of uncharted territory. With digital systems designed to control and monitor our power supplies, traffic flows and personal data, there is a looming feeling that the technology designed to benefit us is not adequately accompanied by measures to mitigate the risk of attack.
As technology continues to expand at a rapid rate, those who reap its benefits must also be aware of potential for blind spots – it is the threat of what we are yet to understand that is perhaps most menacing.
Infiltrating infrastructure
Another key concern raised by WEF is the risk cyber-attacks pose to critical infrastructure. With Internet of Things (IoT) devices now firmly embedded into industrial environments, the report warns that the "potential vulnerability of critical technological infrastructure has increasingly become a national security concern”. The increase in connectivity could provide an easily-accessible back door for hackers to infiltrate and gain access into some of society’s most vital resources.
In July 2018, the US government stated that hackers had gained remote access to the control rooms of utility companies, even though command centre computers were not directly linked to the web. The group behind the attacks, known as Dragonfly or Energetic Bear, was traced to Russia and racked up hundreds of victims, according to the Department of Homeland Security (DHS). Hackers used spear-fishing emails sent to senior staff and sought to make them visit spoofed or hacked social media sites to gain access to the corporate networks of suppliers, allowing them to steal credentials and gain access to utilities.
The cybersecurity skills gap
Attacks are happening on a new, emerging kind of battlefield. The reality is that, despite the growing digital landscape, there are not enough skilled workers available to tackle the rise in security threats. As attackers ramp up their methods and develop increasingly more sophisticated hacks, there simply aren’t a sufficient number of “white hats” to address the growing presence of cyber threats. In fact, Cybersecurity Ventures Cybersecurity Job Report estimates that there will be 3.5 million unfilled cybersecurity positions by 2021.
A reason for the gap is that the digital marketplace is creating more jobs than the current supply of security professionals can meet. There is also no efficient way of creating and training enough skilled practitioners at the same rate as technological expansion.
Getting prepared
The report declares that world governments tend to be underprepared for mitigating cyberattacks. To combat cyber concerns, businesses need to work to mitigate risks on a collaborative basis, with a team of experts who have a knowledge of their facility’s technology and the potential of any risks it may pose.
An effective cybersecurity strategy is at its most successful when it is integrated with risk management procedures. At Boulting Technology, our team of engineers are experienced in integrating existing systems and replacing legacy controllers with modern, connected alternatives. To minimise the danger posed by connected technologies, and to tackle the cybersecurity skills gap, it is essential that staff undergo rigorous training so that new systems are incorporated safely and effectively.
In a world of connected devices, it is important that we are aware of the risks they pose, so as to avoid sleep walking into a crisis. While technology is continuing to boost productivity in businesses across the globe, new equipment and its risks must be evaluated to help reduce cyberthreats and ease concern.
For more information about Boulting Technology and its end-to-end cyber security offering, visit www.boultingtechnology.co.uk
Contact Details and Archive...