According to the CyberROAD project, which aims to develop a cybercrime and cyber-terrorism research roadmap, cybercrime costs the global economy more than €300 billion per annum. As cybercriminal revenue nears €15 billion, the World Economic Forum has called the current threat landscape a “cyber pandemic”, earning cyber security a place at the top of the 2021 Davos Agenda.
As a result, finding solutions that can improve the security of critical infrastructure systems and ensure their continuous functionality remains a major challenge facing ICS operators today.
Daily examples that confirm the new reality of a cyber pandemic:
- In October 2020, the FBI announced that US election infrastructure was under attack. Iran allegedly responsible for sending threatening emails to Democratic voters ahead of the upcoming presidential election.
- The infamous Solar Wind data breach last December is said to be the biggest hack to hit the US government in years. It affected around 100 private organisations and 9 government agencies. The attack has been attributed to government actors in Russia and is now under investigation.
- In early December, the European Medicine Agency was hit by a cyber attack, in which data on the Pfizer/BionTech Covid-19 vaccine was stolen. North Korean state-backed actors are suspected to have carried out the attack.
- The SCADA hack on a Florida water plant earlier this month is said to be an abuse of remote access credentials that were shared between employees.
- Finally, only two weeks ago, two French hospitals were hit by ransomware cyber attacks.
What is most worrying about these incidents is the enormous potential they had to damage democracy, the economy, and more worryingly, human life. Moreover, these incidents only occurred in the past 6 months… making this only the tip of the iceberg.
Different Actors – Different Motives
The events listed above demonstrate that various motives can drive criminal groups, hacktivists and individuals to act. The most obvious being Financial, though Social/Political “Hacktivism”, Espionage, Revenge and Disruption are also reasons why attackers target organisations. The complexity of motive can vary significantly. Now, nations are also taking part in cyber warfare as ‘patriot hackers’ inevitably initiate or defend against adversaries.
The Painful Reality Behind Cyber Crime
The cybercrime industry is one of the most profitable around and there are several reasons why this is the case. Organisations and decision-makers urgently need to address this if they are to overcome threats caused by:
The greater need for digitalisation to generate revenue faster, pushing some organisations to neglect their security practices
- Cyber criminals having had years of experience in infiltrating critical systems to find their vulnerabilities, of which organisations are too often failing to identify
- Companies fuelling the industry by paying ransoms in the hope of getting their operations back on track
- A lack of legal tools to tackle cybercrime: the risk to reward ratio is currently skewed to the side of bad actors
Final Thoughts
The rapid acceleration of digitalisation amidst the COVID-19 pandemic has added pressure on CI systems. Next-generation technologies are continuously generating new risks; yet, their impact on security is not fully understood.
To win the cyber war, cyber security must become an urgent business priority at the forefront of every company’s Board. Raising awareness on the subject across all sectors and levels of society is essential.
While the road ahead is long, governments now understand the importance of effectively protecting the infrastructure that provides essential services to their citizens, hence why we are only now witnessing plans to bolster their cybersecurity rules.
Additionally, there have been some encouraging moves made at the international level as states increase cross-border cooperation and threat intelligence sharing. A welcome change but long overdue.
Keen to learn more about how to protect your critical assets and infrastructure from threats stemming from the cyber pandemic?
Join us at the Cyber Security for Critical Assets World Summit on May 6th 2021.
Find out more and secure your free pass using the code “CYBER-PANDEMIC” at: world.cs4ca.com
