View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 16, 2020updated 17 Jan 2020 9:52am

Global Risks Report: Junk Products Raising Risk of Infrastructure Attacks

Chance of prosecuting cybercriminals meanwhile, is just 0.005%

By CBR Staff Writer

Vendors prioritising speed to market over “security by design” is exacerbating the rising risk of a calamitous cyber attack on critical national infrastructure, the World Economic Forum’s fifteenth Global Risks Report warned this week, as 76.1 percent of those surveyed said they see the risk of such an attack rising in 2020.

The WEF asks 750 global experts to rank their biggest concerns in terms of likelihood and impact for the report: “Economic confrontations” and “domestic political polarisation” dominated their concerns, with “destruction of natural ecosystems” and the risk of a full-blooded attack on critical infrastructure also ranking highly.

(Human activity has already caused the loss of an estimated 83 percent of all wild mammals and half of plants – which underpin our food and health systems)

Cyberattacks were, overall ranked the second most concerning risk for doing business globally over the next 10 years. They ranked fifth as a short-term threat.

Critics have long warned that companies are pushing products to market with poor security baked into them, for example hard coding credentials into the systems, with many also pointing to a poor response from regulators to the problem: most regulatory frameworks offer guidance only. Even Europe’s NIS, for example, puts no pressure on vendors to deliver secure products; the onus is on end-users to patch and secure.

Read this: Critical Infrastructure Security: “The NIS Directive Sucks”

Renaud Deraison, Co-Founder and CTO at Tenable, said in an emailed comment: “This year’s WEF Global Risks Perception Survey (GRPS) resonates with my own concerns that a serious cyberattack against critical infrastructure is imminent.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“The prospect of attackers turning the lights off, manipulating the water supply or bringing cities to a crashing halt may seem unrealistic, but we’ve seen evidence of threat actors testing their capabilities in all corners of the globe.”

(Indeed ransomware forced the city of New Orleans to declare a “state of emergency” just last month, December 2019, after services were crippled by the attack).

Read this: Ransomware-Seized New Orleans Declares State of Emergency

Security experts have long warned that industrial systems remain particularly vulnerable to attack, with the increasing convergence of IT and Operational Technology (OT) — as plants seek to capitalise on the data their systems generate and take advantage of predictive maintainance — also opening up new threat vectors.

As cyber criminals rake in millions in earnings from increasingly sophisticated and target ransomware attacks every quarter, much like the real ecosystem, approaches to the digital ecosystem need to change, and urgently.

Meanwhile, as the Global Risks Report 2020 notes: “Organized cybercrime entities are joining forces, and their likelihood of detection and prosecution is estimated to be as low as 0.05 percent in the United States.”

Read this: NCSC Warns of Highly Automated Phishing Campaign “Spreading Indiscriminately” Across the UK


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.