Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

World Economic Forum Global Risks Report Highlights Dangers of Digital innovation

World Economic Forum Publishes Global Risks Report 2020

World Economic Forum Publishes Global Risks Report 2020

For the first time ever, the top five most likely global risks enumerated in the annual Global Risks Report from the World Economic Forum (PDF) are all environmental: extreme weather, climate action failure, natural disasters, biodiversity loss, and human made environmental disasters. In terms of impact, the top five risks are climate action failure, weapons of mass destruction, biodiversity loss, extreme weather, and water crisis.

The likelihood of data fraud or theft has dropped from fourth to sixth while the likelihood of cyberattacks has dropped from fifth to seventh over last year’s annual survey. This realignment has more to do with increasing environmental threats than to decreasing cyber threats. Underpinning both sets of threat is growing global nationalism and increasing geopolitical tensions that make global action on climate less likely while increasing the threat of nation-based cyberattacks. 

World Economic Forum 2014
Aerial photo from the futuristic and stylish Intercontinental Hotel in Davos, Switzerland. The Annual Meeting of the World Economic Forum takes place in Davos-Klosters, Switzerland from January 21 to 24, 2020. (Image Credit: World Economic Forum)

The same background is threatening the global economic outlook. Nationalism, which weakens global trade, could lead to a fragmented internet. Economic stagnation could increase the likelihood of youngsters turning to cybercrime to ‘earn’ a living.

The report highlights the irony of the unfolding Fourth Industrial Revolution (AKA 4IR or Industry 4.0) — it provides great potential for economic and societal improvements, but brings with it counterbalancing increased cyber risk. These risks focus on the lack of security by design as manufacturers rush to be the first in the market, and the absence of global security governance.

The need for security by design is well understood. “Today, we are able to discover, assess, quantify and fix many of the issues that lead to cybersecurity risk in today’s world,” comments Alex Peay, SVP of product at intelligent automation software firm SaltStack, “but we too often make it an afterthought. If we focus on security and design and build to a secure standard, we can ensure that our innovations not only drive growth but foster security. For the first time many of the detriments of the coming Industrial Revolution are widely understood. If we are responsible and pragmatic about the adoption of security by design principles, we can avoid many of the pitfalls.”

On the lack of governance, the report gives ethics and artificial intelligence as an example. “There are over 80 frameworks,” it states, “yet the large increase in such initiatives serves to fragment the response to the threat, often imposing burdensome and sometimes conflicting obligations on organizations operating across national boundaries.” This applies across almost all governance areas, and is aggravated by nationalism and global geopolitics.

Sam Rubin, VP at the incident response, risk and forensics Crypsis Group, is not optimistic for an early fix. “While solutions suggested in the report, such as advocating for fair and concerted global actions on any 4IR-related governance frameworks, may eventually yield results, they will not come fast enough to mitigate risk in the near term,” he told SecurityWeek

In the meantime, he believes everyone — both consumer and business — needs to improve their use of existing best practices. “Many security best practices are still not being executed, even at the consumer level (such as when buying and deploying IoT devices), and at the organization level,” he continued. “But risk will still likely remain — in today’s digital economy, cyber risk is an unfortunate, unavoidable fact — unless and until a utopian security panacea is developed.”

Advertisement. Scroll to continue reading.

A major potential threat to cybersecurity comes from the potential fragmentation of the internet (sometimes known as cyber balkanization).The usual argument for this is a desire for national cyber sovereignty, but WEF adds that this could be exacerbated by “an increased risk of divergence in protocols — old and new — that could lead to fragmentation of cyberspace and future technologies.”

The dangers of a fragmented internet are complex and manifold. Today, the power of world trade and globalization is largely holding the internet together — but rising nationalism and the current potential for major international trade wars threatens this glue. This could, potentially, lead to a downward spiral — if international trade is weakened by geopolitics, then fragmentation could be encouraged by nationalism, and international trade and the global economy further weakened.

This would, in turn, make the likelihood of international cooperation on global security governance frameworks harder to achieve. The WEF report uses international law enforcement cooperation — which is necessary to combat the naturally international nature of cybercrime — as an example. “The fragmentation of cyberspace,” it warns, “will render those efforts moot and create possibly insurmountable technological incompatibilities for law enforcement to cooperate across varying systems.”

But the threat of fragmentation goes deeper, potentially affecting all aspects of society and linking back to the global environmental threat. “As the world is on the brink of climate collapse,” warns the report, “the necessary duplication of efforts for overcoming such technical fragmentation would not only be economically counterproductive, but also environmentally inefficient. This inefficiency is further amplified by countries’ pursuit of isolated national technology regulations. Adaptation to different products for different markets would inevitably increase the negative environmental footprint of any industry.”

This is not an optimistic report from the World Economic Forum. Heightening geopolitical tensions feed other issues, especially technological issues, that in turn make improving geopolitics more difficult. The danger is a downward spiral that will throw individual companies back on their own resources rather than international cooperative resources. For now, we seem to be heading for the worst of all possible worlds: connected by technology but separated by politics.

“In a hyperconnected world, attack surfaces and interdependencies will grow astonishingly quickly,” warns Steve Durbin, managing director of the Information Security Forum. “Cyber resilience has to be the way forward — know your data, quantify risk through a scenario driven approach, adopt an organization-wide strategy towards cyber security management. In addition, organizations should rethink crisis management, disaster recovery and business continuity plans, conducting full risk assessments on all external assets and services in order to plan effective responses with business leaders and to maintain a current, business-supported risk response readiness.”

Related: Cyberbalkanization and the Future of the Internet 

Related: Geopolitics Will Drive Aggressive Cyber Activity Throughout 2020 

Related: Geopolitical Tensions Fuel Worsening Cyberattack Scenario 

Related: The Geopolitical Influence on Business Risk Management

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...