“Cyberattacks a top security concern”

by Lucius Lobo CISSP    Feb 02, 2012

Lucius LoboMedia reports and prominent disclosures by Hacktivists have clearly demonstrated the lack of cyber security preparedness by major companies.

I was not at all surprised that the World Economic Forum (WEF) Global Risk 2012 report revealed cyberattacks among the top five risks rated by likelihood for the first time since its seven years of inception.

A similar Global Economic Crime Survey report from PwC titled “Cybercrime: protecting against the growing threat” also saw cybercrime among the top four economic frauds.

This was inevitable, as 2011 witnessed several visible cyberattacks on corporate, governments and utilities. Media reports and prominent disclosures by Hacktivists clearly demonstrated the lack of cyber security preparation by major companies.

The exponential rise in connected devices such as mobile phones, home networks, smart grids and smart cities raised the specter of a single vulnerability creating a catastrophic disruption in the global information infrastructure. Cyberattack is a key threat vector which can be executed remotely and with near anonymity by a variety of state and non-state actors.

It was quite clear that while the risk appeared on the radar, there was not much being done about it. Stakeholders did not seem to view the risk as impactful, and favorably viewed the benefits of a connected world over the risks.

One of the primary reasons for such a view was that terrorism, crime and war in the online world have so far been less deadly than their physical counterparts.

The report findings from WEF study said that there was a need to obtain a firm understanding of the security problem by improving the quality of risk reporting through empirical research.

Current research by security vendors is viewed with skepticism because of the possibility of a bias, and non vendor research is still in infancy because victims prefer to remain silent.

In the long-term reliable indicators of crimes, attacks and losses is key to ensure that the full impact of cyberattacks and crime is known, its economic consequences measured and investments made to reduce their impact.

(The author is VP and Global Head Security Services at Tech Mahindra. He is also a Member on the WEF Global Internet Security Council)