Since the beginning of the pandemic, unscrupulous cybercriminals have exploited the worldwide crisis by orchestrating deceitful cyber attacks. The altered reality we now face has given rise to a substantial increase in advanced cyber assaults, which include targeted ransomware. The era of the Cyber Pandemic has arrived, urging us to employ every measure possible and swiftly safeguard our organizations.
In a phenomenal (albeit alarming) article by Forbes, they wrote, “As the 2023 annual meeting of the World Economic Forum wrapped up in Davos, Switzerland, it ended with a disturbing prediction from one of the leading voices. Delivering a presentation on the 2023 Global Cybersecurity Outlook report, forum Managing Director Jeremy Jurgens revealed that 93 percent of those surveyed believe that a “catastrophic” cyber security event is likely in the next two years.
By 2025, it’s expected that cybercrime will cost the world economy around $10.5 trillion annually, increasing from $3 trillion in 2015 according to Cybersecurity Ventures. To put that in context, if it were a country, then cybercrime would have the third largest GDP behind the US and China. Key drivers of this growth are the ongoing digitization of society, behavioral changes due to the global Covid-19 pandemic, political instability such as the war in Ukraine, and the global economic
Cyber Apocalypse 2023: Is The World Heading
For A ‘Catastrophic’ Event?
According to the WEF report, of particular concern is that the nature of cybercrime is becoming increasingly unpredictable. This is due to technology becoming more complex – in particular, breakthrough technologies such as artificial intelligence. This means that we are increasingly at risk of what has been termed a “catastrophic” cyberattack – one that will have severe and ongoing ramifications for society at large.
One of the biggest threats is a “mutating” threat. This could take the form of an AI-enabled virus that transforms as it infects various systems and organizations to evade defense systems or even detection. Prime Minister of Albania, Edi Rama, whose country suffered an attack that brought down critical infrastructure in 2022, spoke about what he had learned since:
“It’s about viruses that can not only block our way of living but can control it and deviate it. So it can use our systems like, God forbid, our air transport systems to hit us back. Imagine if there is a cyberattack on our air transport systems. What we learned is that this is something that’s absolutely naive to think that … any country can tackle this on its own.”
At the same time, however, it’s likely that much of the forecasted $10 trillion in economic damage will be caused by smaller attacks, simply aimed at stealing or extorting money from businesses or individuals.
One of the most common threats – which probably everyone reading this has been a target of – is phishing attempts. Typically, these involve sending out emails that attempt to dupe unwary recipients into disclosing personal details. The details are then used either to steal from the victim or to commit identity theft – perhaps to apply for loans or credits in the victim’s name. Once attackers have successfully taken control of a victim’s identity, they may then go on to use it to attempt to defraud their friends and family, for example, by claiming that the victim is in trouble and urgently needs money.
Phishing attacks like this rely on social engineering, but purely technology-based attacks exist, too, such as malware. This involves installing malicious software onto a targeted system in order to let the attacker control the system or access data on it.
Ransomware is a specific type of malware, which usually works by encrypting the information on a targeted computer and then blackmailing the victim into paying for it to be decrypted – or face losing access to it forever.
One of the reasons for all of these attacks becoming increasingly common is that cybercrime itself has been commoditized now, warned Stock during the presentation. It’s now possible for anyone to log onto a site in a dark corner of the internet and procure either software or hacking skills “as-a-service”, just as if they were buying any other software or IT service.
What Can We Do?
Accenture CEO Julie Sweet outlined three important steps that all organizations – including governments – should be taking to build up cyber-resilience.
Firstly, what she referred to as “secure the core” involves ensuring that security and resilience are built into every aspect of the organization – not simply confined to running checks on incoming emails. This equates to a strategy we often speak about – ensuring that cybersecurity is on the agenda from the boardroom to the shop floor and not something that’s only discussed within the IT department, as has traditionally been the case at many companies.
Secondly, organizations need to address the skills shortage within the cybersecurity domain. One way of tackling this could involve utilizing automation where possible, freeing up professionals to focus on the human challenges – whether that is spreading awareness of the dangers of phishing and the importance of good password practices or understanding the behavioral changes that attackers will be taking advantage of in the near future. For most organizations, this is likely to involve making an investment in training.
Thirdly, says Sweet, leaders need to understand that “Cyber resilience equals business resilience.” Within her own company, the number of cyber threats detected is a key metric that’s brought up at every monthly business review. “It’s a concrete change that we made to be clear that cyber is the same as financial performance. Thinking about your own culture, your own processes, what has to change so that your entire C-suite understands.”
Following these steps would certainly be a good start for any business that wants to ensure they stand the best chance against today’s threats and whatever may emerge in the future. Exactly what the danger could be of a “catastrophic” attack, as described in the WEF report, are difficult to predict. But the fact is, with so much of our business and private lives conducted online, they could be practically unlimited. But it’s certainly worth remembering that the vast majority of attacks could be thwarted by individuals taking sensible precautions and encouraging others we work or come into contact with to do the same.”
Global Instability Could Lead to Catastrophic Cyber Events
In an article by Cyber Security Dive, they wrote, “The World Economic Forum warned the current level of global instability could lead to a catastrophic cyberattack within the next two years, officials said in a Wednesday press conference.
Julie Sweet, Accenture chair and CEO, referenced data showing 43% of business leaders said they expect such a cyber event to have a material impact on their businesses, while only 27% believe they are cyber resilient.
“The gap between cyber resilient companies and the likelihood of a materially catastrophic event is significant,” Sweet said.
Jürgen Stock, secretary general of Interpol, said combating cybercrime will require victims of these crimes, including companies and individuals, to come forward and cooperate.
Companies need to do more to anticipate cyber threats because cyber criminals are outsourcing attacks through ransomware as a service operations and using much more sophisticated methods to launch attacks.
“The criminals are investing their huge profits into new tools, into the sophisticated tools,” Stock said at the press conference. “We have to make sure we keep pace, but also that we are further developing the global architecture of security.”
C-suite executives are becoming more aware there is a global problem with cybersecurity, said Nikesh Arora, chair and CEO of Palo Alto Networks. But the industry is behind due to years of underinvestment.
“That’s the sort of part we all have to work on collectively,” Arora said. “Nobody seems comfortable that they have it under control.”
Staying Secure in a Cyber Pandemic
In excerpts from an article by KMPG, they wrote, “Cyber-attackers see the pandemic as an opportunity to step up their criminal activities by exploiting the vulnerability of employees working from home. The negative cybersecurity impacts of these online changes have resulted in a cyber pandemic. With a wider spread of cyber incidents, protecting assets and infrastructure has become more challenging. Companies are accelerating their digital transformation, and cybersecurity is now a major concern.
Today’s dynamically evolving cyber threat landscape requires us to elevate our security habits, practices, procedures, and protocols. There is now a need for security practices to be tailored and fine-tuned to protect against attacks of the new world. To conclude, we have listed some of the safety practices to follow in this cyber pandemic.
- Secure your remote access – Employees working remotely should have anti-virus and malware protections on all systems; Employers should consider providing these protections for personal employee systems accessing corporate resources to keep their own infrastructure secure. Multi-factor authentication should be enforced for all remote access, where possible.
- Improve security education and awareness – There is an increasing need for us to stay up to date with the evolving and changing nature of cyberattacks. Businesses should implement security awareness programs and also consider simulating phishing campaigns for their employees to get more detailed results on their human security posture.
- Secure your home network – More people than ever are working from home, and it is essential to keep our home network secure. We should ensure our home Wi-Fi network is protected with a strong password and proper protections are in place on all home devices. Consider using a VPN.
- Develop a vulnerability management program – An official vulnerability management program detailing asset inventory, patch status, and protection levels can go a long way in a cyber pandemic. Companies should identify IT system weaknesses and patch the most critical vulnerabilities as soon as possible. Detective and investigative protections like SIEM should be in place.
- Prepare for attacks; consider penetration testing – It is advisable for businesses to consider going one step forward and run penetration tests on their assets to get a more accurate insight into their security posture. In these high-risk times, companies should carry out frequent cyber crisis simulation exercises to prepare their response to a cyberattack.
- Leverage intelligence techniques – Businesses should encourage the proactive use of cyber threat intelligence to identify relevant indicators of attacks (IOC) and address known attacks.
- Renew business continuity and crisis plans
Businesses are encouraged to update their business continuity plans according to modern-day work and cyberattack scenarios.”
Essential Guidelines for Cyber Pandemic Safety
REAL-TIME PROTECTION
As we have come to understand, prevention is far more effective than dealing with the aftermath. This principle applies to your cyber security as well. Implementing real-time prevention measures puts your organization in a stronger position to defend against future cyber pandemics.
SECURE EVERY COMPONENT
Every link in the chain is crucial. In this new normal, it is imperative to reassess and ensure the security levels and relevance of your network’s infrastructure, processes, and compliance of connected mobile devices, endpoint devices, and IoT devices.
With the increased utilization of cloud services, there is a greater need for robust security, particularly in technologies that protect workloads, containers, and serverless applications across multi- and hybrid-cloud environments.
CONSOLIDATION AND VISIBILITY
Significant changes in your company’s infrastructure present an opportunity to evaluate your security investments. Are you obtaining the necessary protection, and are your individual solutions effectively safeguarding the right assets? Have you overlooked any areas?
Achieving the highest level of visibility through consolidation will provide the security effectiveness required to prevent sophisticated cyber attacks. Unified management and comprehensive risk visibility complete your security architecture. This can be accomplished by reducing the number of point product solutions and vendors, thereby minimizing overall costs.
With the increased utilization of cloud services, there is a greater need for robust security, particularly in technologies that protect workloads, containers, and serverless applications across multi- and hybrid-cloud environments.
Conclusion
The era of the Cyber Pandemic is upon us, and it demands our utmost attention and action. Cybercriminals have seized the global crisis to launch deceitful attacks, leading to a substantial increase in sophisticated cyber assaults, including targeted ransomware. The alarming statistics and predictions from various sources highlight the urgent need to prioritize cyber resilience and take proactive measures to protect our organizations.
By implementing real-time prevention strategies, securing every component of our networks, and embracing consolidation and visibility, we can fortify our defenses against evolving cyber threats. It is essential to recognize that cyber resilience is intertwined with business resilience, and leaders at all levels must champion cybersecurity as a core aspect of their organizations.
Furthermore, addressing the skills shortage in cybersecurity, enhancing security education and awareness, and continuously adapting our security practices to the changing threat landscape are vital steps toward staying secure in the face of the cyber pandemic. Embracing intelligence techniques, preparing for attacks through penetration testing, and renewing business continuity and crisis plans will further strengthen our resilience.
While the challenges are significant, it is crucial to remember that responsible online behavior, adopting best practices, and fostering a culture of cybersecurity can go a long way in mitigating risks. By taking these measures collectively, we can better protect ourselves, our businesses, and society as a whole from the potentially catastrophic consequences of cyber attacks in this era of the Cyber Pandemic.
At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.
Every single device that connects to the internet poses a cyber security threat, including that innocent-looking smartwatch you’re wearing. Adaptive’s wide range of experience and certifications fills the gaps in your business’s IT infrastructure and dramatically increases the effectiveness of your cybersecurity posture.
Using our proactive cybersecurity management, cutting-edge network security tools, and comprehensive business IT solutions, you can lower your costs through systems that are running at their prime, creating greater efficiency and preventing data loss and costly downtime. With Adaptive Office Solutions by your side, we’ll help you navigate the complexities of cybersecurity so you can achieve business success without worrying about online threats.
To schedule a Cyber Security Risk Review, call the Adaptive Office Solutions’ hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca