The number of ransomware attacks surged by 151 per cent worldwide in the first half of 2021 as cyber criminals sought to tap into a growing global digital economy and exploit people and businesses seeking to digitise their operations amid the Covid-19 pandemic, a World Economic Forum report has said.
The Geneva-based organisation's Global Cyber Security Outlook 2022, which was released on Tuesday, deemed 2021 as an "unprecedented" year for cyber crime in terms of volume and severity.
The cost of breaches amounted to an average of $3.6 million per incident for businesses alone as companies rapidly digitised to ensure business continuity amid the pandemic.
"Ransomware attacks disrupted our critical services around the globe – from stopping operations in meat production to manufacturing and threatening energy supplies to citizens ... 80 per cent of the forum’s Cyber Security Leadership Community members stressed that ransomware is becoming a danger and threat to public safety," Algirde Pipikaite, the WEF's cyber security strategy lead, told The National in an exclusive interview.
Cyber crime is one of the biggest concerns in a rapidly advancing digital world, with bad actors keeping abreast with new technology developments to come up with more sophisticated hacking techniques, leading to economic, financial and reputational damages.
The WEF had previously flagged these technology risks in its Global Risks Report last week, naming concerns such as digital inequality and cyber security failure among critical short and medium-term threats to the world. The climate crisis, it stressed, is considered to be the "world’s most critical danger".
Overall, cyber criminal activities were projected to inflict damages worth about $6 trillion globally in 2021, according to a study by research company Cybersecurity Ventures.
If that were to be measured as a country, it would be the world's third-largest economy, behind the US and China.
The situation would only deteriorate from there: by 2025, illicit cyber activity is expected to cost the world about $10.5tn, up 250 per cent from 2015's $3tn.
That would make it the biggest transfer of economic wealth in history, exponentially larger than the damage inflicted by natural disasters in a year and more profitable than the global trade of all major illegal drugs combined, it said.
Ransomware costs alone have the potential to hit $265 billion by 2031, with Cybersecurity Ventures saying there would be a new attack every two seconds as bad actors continuously and progressively improve their mode of operation to cope up with technological advancements.
About nine in 10 cyber leaders indicate that they are concerned about the cyber resilience of SMEs in their ecosystem, it said.
One of the most recent serious cyber espionage cases – and among the worst – was in 2020 when attackers exploited software credentials from US companies such as Microsoft, VMware and SolarWinds, and used them to infiltrate several US federal departments, including defence, state, homeland security, treasury and commerce while also affecting the UK government, the European Parliament and Nato.
In a borderless digital ecosystem, cyber incidents could have far-reaching effects across environments, exacerbating potential harmful consequences and representing greater challenges to efforts to limit the damage, the WEF said.
Attacks on organisations in the digital supply chain can negatively affect downstream businesses and their operations.
SMEs remain the weakest link
Cyber attacks do not spare any business or person. Less than a fifth of cyber leaders feel confident their organisations are resilient, according to WEF survey.
However, they have three major concerns. Firstly, they do not feel consulted on business decisions and struggle to gain the support of decision-makers in prioritising cyber risks.
Second, recruiting and retaining the right talent is a major concern, with six in 10 saying it would be challenging to respond to a cyber security incident because they lack the skills within their team.
Thirdly, about nine in 10 consider small and medium enterprises to be the weakest link in the supply chain. The reason is hackers believe have fewer resources to deal with cyber threats, making them the most vulnerable, Ms Pipikaite said.
"We need to provide solutions for the SMEs to better protect themselves against current and future cyber threats, and shift the burden to the makers of technology rather than the users. That means that we need to integrate security features like security-by-design and security-by-default when developing new technology," she said.
"Moreover, SMEs should focus on a layered security model that includes network, endpoint and data-centre controls powered by [a] focus on their incident response plan so that they recover quickly and swiftly if they get breached."
SMEs were typically off the radar of cyber criminals when it came to ransomware, phishing and other types of threats until recently, according to Infosecurity Magazine. Currently, SMEs account for 43 per cent of all cyber attacks, it said.
About two thirds of SMEs experienced a cyber attack in the last year while 63 per cent have been victims of a data breach over this period, according to the Michigan-based Ponemon Institute.
As of 2020, 55 per cent of SMEs had suffered a cyber attack, with about 88 per cent of respondents expressing concern over the resilience of SMEs within their ecosystem, the WEF report said.
In addition, 40 per cent admitted that over the past two years, their digital ecosystems had been attacked, affecting their organisations in a negative way, it said.
The broader enterprise system is no different, with the Covid-19 pandemic and the widespread shift to remote working highlighting the importance of cyber security, Ms Pipikaite said.
"We have observed that in the last two years cyber security has been elevated from just being treated as an IT issue to a strategic-level discussion point reaching the most senior level of corporate executives" she said.
"This trend is encouraging but the ongoing gap that we have identified between business and security-focused executives indicates that there are many more steps to be taken to strengthen cyber resilience."
Social media and the explosion of data
The amount of data being produced on a daily basis can also be tempting for cyber crooks, with about four billion users globally using social media platforms.
An enormous amount of data is being generated every minute, including 197.6 million emails and 69 million WhatsApp messages, 695,000 Instagram stories, 500 hours of YouTube videos and $1.6m spent online, the WEF said, quoting Statista data.
As dependence on digital technology continues to surge, so does cyber crime. Cyber criminals are seizing every opportunity to exploit vulnerabilities against unsuspecting people and they are more agile than ever, swiftly adapting to new technology and tailoring their attacks.
"Social media is an important part of our digital society [but] users should stay vigilant when being online: protect your devices, never click on suspicious links, report suspicious or harassing activities, update privacy settings and connect online only with the people you know or trust," Ms Pipikaite said.
She called for an inclusive approach in spreading the word on the need to shore up cyber security.
"It is encouraging to see that cyber breaches and cyber-related topics are covered more broadly by the mainstream media. This allows citizens to [become] more familiar with potential threats when using internet. Both private and public sector players could do more to encourage citizens to be more cyber aware," Ms Pipikaite said.
The WEF report surveyed 120 global cyber leaders from 20 countries across its Cyber Security Leadership Community and the Accenture Cyber Security Forum.
It aims to provide an in-depth analysis of the challenges that security leaders are dealing with, the approaches they are taking to stay ahead of cyber criminals and the measures they are putting in place to enhance cyber resilience – not only within their organisations but also within the wider ecosystem.