Cyberattacks are one of the top 5 global risks

By Gabriel Gabriel on 08. February 2019

 WEF im Zeichen der IT_750x250

At the World Economic Forum (WEF) last month in Davos, it was remarkable how many IT-related events were on the conference programme. Prominent representatives of well-known companies, organisations and research institutes gave talks on the IT issues that will have an influence on our economies and societies, both today and in the future. One of the hottest subjects was the fourth industrial revolution and, as a consequence, how we can ensure that tomorrow’s technologies make our lives better rather than worse.

Company leaders like Satya Nadella (Microsoft), Ginni Rometty (IBM), Hiroaki Nakanishi (Hitachi), Bill McDermott (SAP) and Michael Dell (Dell Technologies) – to name a few –  spoke about (digital) globalisation in their presentations and panel discussions, as well as Industry 4.0 and naturally also artificial intelligence (AI). The head of Microsoft Switzerland Marianne Janik was interviewed on the Swiss TV station SRF. She said that a lot of people were wondering whether the WEF was actually a technology conference in disguise, but she welcomed the hype around AI. She thought it was prompting more discussions about how us humans should deal with it.

Cyber-attacks are the fifth biggest global risk

WEF-The-Global-Risks-Landscape-2019Another much-discussed IT subject was cyber-security. The breakdown of critical information infrastructures, data theft and cyberattacks are listed in the current WEF Global Risk Report among the top ten risks most likely to happen and with the most serious consequences – alongside issues like natural disasters, involuntary migration, weapons of mass destruction, contagious diseases and the failure of climate protection. An interesting point here is that internet attacks didn’t even make an appearance in the top 5 risks until 2014. The risk of data theft and misuse is rated even higher than cyber-attacks in terms of their likelihood. 

 

Cyber security is too complex for companies

Against this backdrop, the WEF recently established the Centre for Cybersecurity, which has signed agreements with Europol, Interpol, the Israeli National Cybersecurity Authority, the Organization of American States, the UK’s National Cyber Security Centre, the UC Berkeley Center for Long-Term Cyber-Security and the Global Cyber Alliance. Like many countries, organisations and companies, the Centre for Cybersecurity is also a signatory of the Paris Call for Trust and Security in Cyberspace. The Zurich Versicherung insurance firm also recently announced that it had become a member of the new WEF organisation. The group estimates that the global costs of attacks on companies will increase to eight billion dollars in the next five years. The new WEF initiative invited participants in Davos to an open forum to discuss these issues.

 

The key message emanating from the discussion was that organisations and countries are no longer able to deal with these problems on their own – a good example is the devastating consequences of the WannaCry malware attack two years ago. As information is shared around the world, everyone is faced with the same challenges – but it’s still taboo for those affected to talk about it. Companies are criminalised if they lose data and they worry about the damage to their image, while the perpetrators are seldom identified or punished. The UN general secretary Antonio Gutierres took the same line, saying that the challenge requires soft mechanisms rather than tough measures. He says that all stakeholders – IT providers, the scientific and business communities as well as civil organisations – must develop common standards and protocols in order to master the problem.

Increase employees’ awareness and give them secure tools

Walter Bohnmayr, who heads up worldwide IT security at the Boston Consulting Group, warned that staff in companies are not sufficiently trained in security. He said that cybersecurity is an issue that affects the entire company – it’s not just an IT problem. The fact is that the prevalence of Bring Your Own Device (BYOD) is unstoppable now in most companies, although the use of private devices comes with information security risks. Whether companies provide their own devices or have a BYOD strategy, they must ensure that employees abide by the rules and never use any private tools like Dropbox or WhatsApp for business, if these tools don’t meet the company’s requirements for compliance, security and data protection.

This can only work if staff have tools at their disposal for sharing and working on confidential information – tools that are not only guaranteed to be based on the latest preventive technologies, but can prove it with recognised certifications. These solutions must also be easy to use. That’s because one thing is clear: without a high level of user acceptance and satisfaction, employees won’t bother using the solutions. Instead, they’ll find a workaround using non-secure methods and risk the loss of confidential information, know-how, and competitiveness and even the company’s survival.

Security, Information Security, Switzerland

This could also be of interest:

Under lock and key: securing communication processes in law firms

Under lock and key: securing communication processes in law firms

Read more
The value of data: cyber-criminals have companies in their sights

The value of data: cyber-criminals have companies in their sights

Read more
The role of the CISO: a key function

The role of the CISO: a key function

Read more
Quick guide: What the EU Trade Secrets Directive means for you

Quick guide: What the EU Trade Secrets Directive means for you

Read more