If you’re looking for some uplifting reading, I would not recommend The Global Risks Report 2018. Published by The World Economic Forum (WEF), this report is a comprehensive examination of all the things that threaten to derail society. Climate change, tidal waves, water scarcity, terrorism; it’s the ultimate ‘worst-case scenario.’ It makes for sobering reading, but of course, the objective of the WEF Global Risks Report is to help economists and businesspeople mitigate risk.
In the introduction of the WEF’s report there’s a chart ranking threats by 2 criteria: likelihood and impact.
(Above: excerpt from The Global Risks Report 2018, published by The World Economic Forum.)
Here’s the thing that jumped out at me when I looked at this graph: cyberattacks; they’re right up there with ‘natural disasters’ and ‘water crises.’ In fact, two of the top five risks by perceived likelihood relate to cybersecurity; cyberattacks and massive data fraud. In terms of imminent economic threat, the WEF’s survey rates cyberattacks ahead of infectious disease and terrorism.
The cybersecurity challenge
‘Cybersecurity risks are growing, both in their prevalence and in their disruptive potential. Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more and more commonplace... Notable examples included the WannaCry attack - which affected 300,000 computers across 150 countries - and NotPetya, which caused quarterly losses of US$300 million for a number of affected businesses.’
- WEF Global Risks Report 2018
I’m embedded in the cybersecurity industry so for me, the warnings in the Global Risks Report don’t come as a surprise. The WEF’s report corroborates statistics from international law enforcement agencies and government bodies that are telling the same story. The statistics on cybercrime are growing so fast at the moment that it’s hard to keep up, but the overall trend is very clear; cybercrime is accelerating explosively.
Summarising the cybersecurity state-of-play the WEF report quotes these staggering numbers:
- Cyberattacks reported by businesses almost doubled in the five years to 2017; from 68 attacks per business to 130 per business
- More than 4 billion data records were reported stolen from businesses in 2016; more than during 2014 and 2015 combined
- A 2017 study of 254 companies put the annual cost of responding to cyberattacks at US$16.5 million per company, a year-on-year increase of 27.4%
- The cost of cybercrime to businesses over the next five years is expected to be US$8 trillion
- 357 million new malware variants were released in 2016 alone
Don’t let your company become a statistic
‘Although in previous years respondents to the GRPS (Global Risks Perception Survey) have tended to be optimistic about technological risks, this year concerns jumped, and cyberattacks and massive data fraud both appear in the list of the top five global risks by perceived likelihood. Attacks are increasing, both in prevalence and disruptive potential.’
- WEF Global Risks Report 2018
The surge in cybercrime is being driven by opportunity; as more commerce is conducted online the opportunities for crime grow correspondingly. There’s been a lag between online investment and cybersecurity preparedness and that’s created a gap criminals were quick to push into.
I’m realistic about the threats from cybercrime that business is facing, but I’m also optimistic. Why? Because I’m in a position to see the fight-back as well as the attack. Cybercriminals have wielded some formidable weapons in recent years but conversely, those of us in the cybersecurity industry are also creating better tools to disarm them. Cybersecurity awareness amongst business leaders is also improving, and that’s key because it takes action by executive-level management to implement effective cybersecurity.
Cybersecurity best-practice is to put multiple security layers in place and not rely on any single defence.
The key thing to know about cybersecurity is that prevention is the only strategy that works. Once your company has suffered a data breach there will be precious little you can do. There’s a lingering virus-scan mentality with a lot of people, but the harsh reality is that by the time you discover a breach in your security the damage will probably have been done already.
An effective corporate cybersecurity policy needs to involve:
- executive-level awareness and strategic implementation
- cloud-based web and email filtering with real-time updates
- endpoint malware scanning
- comprehensive and regularly updated backups
- ongoing cybersecurity education programs for all staff members
Cybersecurity is a leadership issue but when I talk to CxOs about their cybersecurity issues they often say something like ‘our IT department takes care of that...’
That sort of thinking is dangerous. Human beings are the weakest link in the cyber-defenses of any company, so every employee needs to understand cybercrime threats and know how to behave safely online.
Where to start?
The 2018 WEF Global Risks Report is a reminder that the time to act on cybersecurity is now.
Cybercrime is a global problem but there’s no way to police it in a centralised way. The solutions depend on individual businesses taking steps to make themselves secure.
If you find the complex challenges of data-security, hacking and cybercrime overwhelming then you are definitely not alone. A lot of businesspeople are disempowered by the magnitude of these issues and fail to act because they don’t know where to start.
I’ve written a cybersecurity handbook for business owners and CxOs: Surviving the Rise of Cybercrime. I wrote the book as a plain-language guide for non-tech executives. It’s a 60 minute read that will give you all the information you need to take control of the cybersecurity challenges faced by your company.
You can download a free copy of Surviving the Rise of Cybercrime, here: www.survivingcybercrime.com