Cybersecurity Failures in 2021
If The Global Risks Report 2021 recently published by the World Economic Forum is correct, cybersecurity failure in 2021 will continue to grab headlines and demand the attention of global economic leaders. This isn’t good and we need to take action as an industry. “Cybersecurity failure” is ranked as the fourth highest short-term risk and clear and present threat to the world economy. “Infectious diseases,” “Livelihood crises,” and “Extreme weather events” took spots one through three respectively as the top short-term risks (0-2 years) when respondents were asked, “When do respondents forecast risks will become a critical threat to the world?”
This report was soon followed by President Biden earmarking almost $10 billion for cybersecurity as many U.S. federal agencies continue to recover from the SolarWinds hack. Of course, the United States isn’t alone: the Scottish Environment Protection Agency is dealing with its own ransomware attack, just one of many other examples.
Global leaders have long been focused on the economy, healthcare, and the environment. But already 2021 is different. With “cybersecurity failures” occupying spot four on the WEF list of global risks that are near-term clear and present dangers, it is time for government and business leaders to take action. Even more alarming is the direct correlation cybersecurity has to other threats on the WEF global risk horizon such as digital inequality, IT infrastructure breakdowns, and even terrorist attacks. The traditional definition of ‘terrorism’ is changing as terrorists turn their sights on digital targets.
So the question becomes, “What can we do to reduce risk and minimize the threat of cybersecurity failure to the citizens and businesses of this world?” Fortunately, we have more control over cybersecurity risks than we do over other threats like infectious diseases and extreme weather events. But to maintain control, the IT security industry must be much more diligent in improving the cyber hygiene of our digital infrastructure. It isn’t easy, but it is very possible to protect ourselves from the inevitable repercussions of cybersecurity failure.
The SolarWinds hack was a very loud wake-up call, but it wasn’t the first and won’t be the last. If there is any good that comes from these most recent cybersecurity failures it is that the highest levels of government are upping the ante in response. But as crazy as it might sound, $10 billion is really just a start. This is modern-day warfare fought on a new and very different battlefield. To win the war we need to do more than just spend money. We need to be in a position where we actively defend and protect first, instead of being forced to respond to the latest failure.
An active defense includes a mature approach to vulnerability remediation. Over and over we see known vulnerabilities exploited as the attack vector for a breach. The cybersecurity industry must learn from history, and we must take the necessary steps now to reduce risk and get ahead of the ever-growing crush of bad actors who pose a very real threat to our digital livelihood. One patch, one secure line of code, one correctly configured cloud setting is often the difference between cybersecurity failure and cybersecurity success. Let’s join together