[BreachExchange] Cyber-attacks are a top three risk to society, alongside natural disaster and extreme weather

[Destry Winant]

http://www.zdnet.com/article/cyber-attacks-are-a-top-three-risk-to-society-alongside-natural-disaster-and-extreme-weather/

Nations' reliance on the internet and connected services means the
potential damage from cyber-attacks is one of the biggest risks facing
the world today, according to a report from the World Economic Forum
(WEF).

The threat of cyber-attacks and cyberwarfare sits behind only extreme
weather events and natural disasters in terms of events likely to
cause disruption in the next five years, according to the WEF's Global
Risks Report 2018. The WEF is an international body which brings
together business, political, academic, and other leaders to help
shape the global agenda.

The report highlights ransomware in particular as a cyber-threat, and
says that 64 percent of all malicious phishing emails sent during 2017
contained file-encrypting malware.

The Global Risks Report 2018 cites two major events as examples of the
damage and disruption which can be caused: the WannaCry attack, which
affected 300,000 computers in 150 countries and impacted
infrastructure across the globeincluding the UK's NHS, and Petya --
which caused losses of over $300m to a number of organisations.

But that's relatively low-level compared with what could be achieved
should cyber-attackers -- whether backed by a nation or an organised
criminal gang -- focus more of their attention on industry and
critical infrastructure.

"In a worst-case scenario, attackers could trigger a breakdown in the
systems that keep societies functioning," warns the report.

Last year's Global Risks Report warned of the potential threat posed
by insecure Internet of Things devices and a year of IoT-related
security incidents hasn't done anything to dampen the threat, with
hackers increasingly turning their attention to these devices as a
potential backdoor into networks.

"Cybercriminals have an exponentially increasing number of potential
targets, because the use of cloud services continues to accelerate and
the Internet of Things is expected to expand from an estimated 8.4
billion devices in 2017 to a projected 20.4 billion in 2020," says the
report, adding: "What would once have been considered large-scale
cyberattacks are now becoming normal."

Most attacks on critical and strategic systems have yet to succeed,
but the WEF says the growing number of attempted attacks suggests the
risks are increasing, especially as the interconnected nature of the
world means attacks can cause "irreversible" systemic shocks.

While the report says approaches to cyber-risk are improving, it
argues that much more needs to be done to protect organisations -- and
society as a whole -- from attacks.

"Geopolitical friction is contributing to a surge in the scale and
sophistication of cyberattacks. At the same time cyber exposure is
growing as firms are becoming more dependent on technology," said John
Drzik, president of global risk and digital at Marsh.

"While cyber risk management is improving, business and government
need to invest far more in resilience efforts if we are to prevent the
same bulging 'protection' gap between economic and insured losses that
we see for natural catastrophes," he added.

Looking to the future, the report warns about the possibility of 'war
without rules' if state-on-state conflict escalates unpredictably due
to the absence of cyberwarfare rules -- potentially leading to
miscalculations and a fog of uncertainty which could lead to attacks
and retaliations that spread and cause damage to unintended targets.