The Global Risks Report 2019 that was published last week precedes the World Economic Forum to be held in Davos from January 22nd-25th. The report presents the results of the latest Global Risks Perception Survey (GRPS), in which nearly 1,000 decision-makers from the public and private sectors, academia and civil society assess the risks (in terms of likelihood and impact). These are the five main challenges cited and discussed in the report. They highlight the risks of Cyber Insecurity in a Connected World.
- Economic vulnerabilities
- Geopolitical tensions
- Societal and political strains
- Environmental fragilities
- Technological instabilities/cybersecurity
Cyber Insecurity in a Connected World
What was of interest to me was the section on technological instabilities/cybersecurity, which has spawned insecurity across companies and nations. While the Industrial Internet of Things (IIoT) has made everything more accessible and convenient, it has also opened new windows for cyber-attacks. Artificial intelligence (AI) is becoming more sophisticated and widespread, with growing potential to amplify existing risks or create new ones, particularly as the Internet of Things connects billions of devices. According to the report, technology continues to play a major role in shaping the global risks landscape for individuals, governments, and businesses. In the report, “massive data fraud and theft” was ranked the number four global risk by likelihood over a 10-year horizon, with “cyber-attacks” at number five. Majority of respondents expected increased risks of cyber-attacks in 2019, leading to theft of money and data (82 percent), and disruption of operations (80 percent). The survey reflects how new instabilities and vulnerabilities are created by the integration of digital technologies into every aspect of life. About two-thirds of respondents expect the risks of fake news and identity theft to increase in 2019, while three-fifths said the same about loss of privacy to companies and governments.
Cybersecurity Breaches in 2018
Events that occurred last year make it clear that cyber-attacks pose risks to critical infrastructure. The vulnerability of critical technological infrastructure has become a national security concern. The second most frequently cited risk interconnection in this year’s report was that of cyber-attacks with critical information infrastructure breakdown. In July, the US government stated that hackers had gained access to the control rooms of US utility companies.
Cyber-attacks and lax cybersecurity protocols led to massive breaches of personal information in 2018. The largest was in India, where Aadhar (the government ID database) suffered multiple breaches compromising the records of all registered citizens. It was reported in January that criminals were selling access to the database at a rate of Rs. 500 (about $7) for 10 minutes; while in March a leak at a state-owned utility company allowed anyone to download names and ID numbers. Globally, personal data breaches affected around 150 million users of the MyFitnessPal application, and about 50 million Facebook users.
Cyber threats can come from unexpected directions and sources. For example, the Meltdown and Spectre threats involved weaknesses in computer hardware rather than software; and they potentially affected every Intel processor produced in the last 10 years. Such security breaches cost heavily in terms of finance and infrastructure.
Cybersecurity in India – Policies and Direction
India’s cybersecurity market for products and services is expected to grow from the present $4.5 billion to $35 billion in 10 years. This high growth rate is due to innovation and new technologies, but the safeguards to ensure the safety of products and services needs to be ramped up. The National Cyber Security Policy was framed in 2013 to protect public and private infrastructure from cyber-attacks and to safeguard information, and the Indian Cyber Crime Coordination Center is also being set up. India is in the final stages of setting up a cyber agency under the Integrated Defense Staff (IDS) to deal with threats in the cyber space. This cyber agency will be set up by pooling talent from all three services - Army, Air Force, and the Navy.
As is obvious, the policies and initiatives are in place; it is time to move to the next level of proper coordination and execution, so that these don’t just remain as rhetoric or aspirational documents.
Panel discussions and presentations at the upcoming ARC Industry Forum in Orlando, Florida, Feb. 4-7, 2019, will focus on cybersecurity and related areas.