Global cybersecurity set to be top priority as world advances further into digital age
When it comes to cybersecurity, it is important to be one step ahead of the bad guys. When it comes to global cybersecurity, the task only becomes that much harder.
There has been an uptick in cybercrime since the start of the COVID-19 pandemic, which forced more and more people online and to engage in digital spaces.
“For employees accustomed to working from the office, shifting to a work-from-home model as a result of COVID required them to integrate their personal lives,” Verizon Chief Information Security Officer Nasrin Rezai told CBS News.
Not only were many people required to work from home, but the technology allowing them to do so became vital to keeping businesses — and the economy — afloat.
More people online meant more potential victims for cybercriminals with nefarious intentions, however, and organizations which failed to create a work environment that was “cyber safe” left themselves open to attack.
“During the same period of transition and disruption, threat actors shifted their techniques to target employees through COVID-themed phishing and social engineering campaigns to capitalize on the stress and anxiety of the pandemic situation,” Rezai told CBS News.
According to the 2022 Global Cybersecurity Outlook, attacks on organizations increased by 31% year-over-year in 2021.
Not only were there more attacks, but it took longer to fix them as well, with the report finding organizations that were exposed needed an average of 280 days to detect and respond to the threats.
A Global Concern
When it comes to cybersecurity on a global scale, attacks can originate from all parts of the world, and the bad actors behind them can have a number of nefarious intentions.
Following Russia’s invasion of Ukraine in February, national security experts in the U.S. worried the Kremlin could target it with cyberattacks as a response to new sanctions put on the aggressor.
A bigger concern, even, is that Russian cyberattacks on the U.S. — along with other NATO countries — could end up being so significant that it could end up drawing them into physical conflict.
This, of course, would have more than just financial ramifications, and, in addition to the potential for bloodshed, could have significant economic consequences for the U.S. and other western countries.
“It’s a good way to give us the finger without creating a bigger strategic problem for the Russians,” Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies, told The Washington Post, at the time.
With real concern existing over the possibility of a retaliatory attack against financial transfer systems and markets in the U.S., the Cybersecurity Infrastructure and Security Agency (CISA) posted guidance to help concerned companies.
“While there are not any specific, credible, cyber threats to the U.S., we encourage all organizations — regardless of size — to take steps now to improve their cybersecurity and safeguard their critical assets,” a Department of Homeland Security spokesperson said, in a statement.
When it comes to protecting an organization’s most critical assets, there are number of steps the CISA recommends.
First, to reduce the chance of a cyber intrusion, an organization will want to ensure that multifactor authentication is required in order to gain access to any areas of administrative or privileged access.
The CISA also recommends ensuring all software has been appropriately updated and that any updates which relate to cybersecurity are prioritized.
In the event an organization does fall victim to a cyberattack, it will want to have the resources in place to be able to quickly identify and respond to the threat.
Making sure to have antivirus/antimalware software installed and updated is also a must, according to the CISA, in addition to having a crisis-response team in place.
“CISA recommends all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets,” the agency said.
The State of New York is one place taking the global cybersecurity threat seriously, with Gov. Kathy Hochul announcing in February its plans to create a new Joint Security Operations Center (JSOC).
The center will allow for data sharing and coordination of cybersecurity efforts throughout New York City, in addition to five major upstate cities and the state’s regional and local governments.
“Cybersecurity has been a priority for my administration since day one and this command center will strengthen our ability to protect New York’s institutions, infrastructure, our citizens, and public safety,” Hochul said, in a statement at the time.
The JSOC is expected to “improve coordination” on incident response and threat intelligence, according to Hochul.
The announcement came only a day before Russia’s invasion of Ukraine, which Hochul acknowledged played a role in the state deciding it needed to boost up its cybersecurity defense systems to protect against global threats.
“In light of current geopolitical uncertainty, earlier today I convened cabinet members from relevant areas to review our ongoing cybersecurity preparedness efforts to make sure that New Yorkers, our institutions, and our critical infrastructure are protected from cyber-facilitated disruptions,” New York’s governor said.
While the threat of cybercrime is nowadays constant, and on such a global scale, the financial impact it has on our national and international economy is, in itself, staggering.
By the year 2025, cybercrime is expected to cost the world $10.5 trillion every single year, an increase of $7 trillion from 2015.
If accurate, this would constitute as the greatest economic wealth transfer ever recorded in history, and the risk factors connected with cybercrime has it in-line to cause more damage by annum than all natural disasters combined.
Cybercrime would also take over as the most profitable form of criminality on the globe, surpassing the sale and trade of all of the major illegal drugs.
Being able to protect oneself against the threat of cybercrime, whether it be an individual, a small business, a large organization, or even an entire country, is thus no longer a need, but a must.