Cybersecurity has become everyone’s problem

Cristina De Luca -

December 30, 2021

2021 marcou um ponto de inflexão para ataques maliciosos a sistemas de computador, alimentados por um aumento nos ataques estado-nação e ransomware. Resultado: o que era uma preocupação quase que exclusiva das lideranças de TI agora é uma das principais preocupações dos CEOs e líderes mundiais.

Evidence abounds that cyber security has become the big issue. 

The Colonial Pipeline attack in May helped convey that message, as did ransomware attacks on cities and hospitals – emphasizing the real-world impact that cyber-attacks can have.

Meanwhile, the current Log4j flaw shows just how vulnerable our digital systems are. The open-source part of the code is used so widely that it potentially leaves almost every company and government under attack.

Foreign Affairs magazine devotes its current issue to the topic, while JP Morgan’s International Council identified it as the most significant threat facing business and government in a report released this year-end.

The combination of cryptocurrency and ransomware has proven especially difficult to combat. It is usually in the victim’s business interest to pay, rather than risk data loss or even business interruption, despite warnings from security professionals that payment may be the worst option. It is the equivalent of giving in to blackmail.

The increase in cyber-attacks has also made diplomacy thorny between nation-states. With physical attacks, there is a relatively clear line that acts as a deterrent, even for nations with significant conflicts. But in cyberspace, the divide is murkier.

“The realm of cyberspace is formed not by a binary between war and peace, but by a spectrum between those two poles – and most cyber-attacks fall somewhere in that murky space,” former deputy director of national intelligence Sue Gordon and former Pentagon chief of staff Eric Rosenbach wrote in a recent article.

Business and government leaders are calling for much closer cooperation between companies and governments as the main way to counter it. Many say an international agreement is needed, just as the Geneva Convention set limits on traditional warfare.

Cybersecurity has become another nightmare in a chaotic landscape. The world will enter 2022 still grappling with Covid-19, climate change, economic uncertainty, and geopolitical tensions. During the blockades imposed by many governments, businesses took steps to allow people to work online easily, buy goods without having to go into a physical shop, and have fun without venturing outside. But as Turkish-British writer Elif Shafak notes, the proliferation of digital technologies, accelerated by the pandemic, has combined excess of information and a lack of wisdom, leaving people desperate for meaningful human connection and a sense of political agency.

Developing effective policy responses to all these challenges will be crucial if we are to overcome the greatest global test of all: rekindling a sense of confidence and optimism in society.

The continued digitization of society, the home office, and the increasingly online nature of our lives means opportunities for phishers, hackers, scammers, and extortionists. As we move into 2022, there is, unfortunately, no sign that this will diminish.

According to the UK National Cyber Security Center, there were three times as many ransomware attacks in the first quarter of 2021 than in all of 2019. And a PwC survey suggests that 61% of technology executives expect this to increase in 2022.

The number of connected devices – known as the internet of things (IoT) is expected to reach 18 billion by 2022. One consequence of this is a much larger number of potential access points for cybercriminals seeking to gain access to secure digital systems. In the opinion of André Mello, vice-president of NSFOCUS in Latin America, “the cybercrime market is growing geometrically in the last years also due to the increase of potentially vulnerable equipment connected to the Internet, the sophistication of attack techniques, and the cheapening of computing resources to generate offensives”.

Also left on the predictions lists are mentions of 5G challenges, APTs, deepfakes getting really dangerous and concerns about privacy and disinformation.

Analysts are very concerned now with:

How to cope with all of this?

Recent Capgemini research points out that two-thirds of companies now believe AI is needed to identify and combat critical cybersecurity threats, and almost three-quarters of companies are using or testing AI for this purpose.

Another survey, from Gartner, predicts that 60% of organizations will use cybersecurity risk as a “primary determinant” when choosing who to conduct business with, by 2025. After all, the majority of security incidents will result from problems with third parties. Cybercriminals know that large organizations need the support of external organizations, and they know that smaller organizations often cannot afford elaborate security (or ignore it due to ignorance of the risks).

Trend Micro’s report also points to some ways forward:

  • Back to the basics of security.
  • Apply the concept of Zero Trust.
  • Strengthen server security and employ access control best practices.
  • Prioritize visibility, focusing on continuous monitoring of IT infrastructure and communication networks.
  • Adopt stronger security with the right solutions and level of expertise.

There is no perfect plan and many believe that the future is unpredictable. However, if that were true, we wouldn’t have weather forecasts, and we wouldn’t have the list above along with the countless lists from other cybersecurity experts and specialist companies.

The future is predictable (to some extent) by looking at the past, reading the signs, and making some basic assumptions about what the future holds for us. It is the right time to take stock of what has happened before and make some reasonable assumptions and predictions about what may lie ahead, especially in relation to cybersecurity, given that the outlook is for greater reliance on digital technologies.