Standardization will be the way to go for cybersecurity in 2022

13 Dec, 2021

From businesses that had never anticipated such large-scale disruption to governments trying to secure critical sectors, cybersecurity is the biggest man-made concern for the world, according to the World Economic Forum’s 2021 Global Risk Report. With the pandemic catalyzing digital adoption faster than it can be secured, it was only a matter of time before the world started witnessing coordinated, planned cyberattacks of global proportions. 

The first phygital catastrophe is coming

The Colonial Pipeline attack in the USA, the power grid blackout in Maharashtra, the incident at a Florida water treatment facility, and the Springhill Medical Center ransomware attack that led to an infant’s death are a prelude to a central mission-critical application going down. For instance, a coordinated hack on a major system such as an internet gateway, a public cloud provider, or a healthcare system like Epic will impact millions of people. We will see the physical ramifications in our everyday lives. A ripple effect would touch multiple aspects of daily life: supply chains could be upended, affecting food, water, and medical provision; businesses would be unable to render digital services, including payments and the coordination of global efforts; transportation would be disrupted. Healthcare would be paralyzed and emergency services hampered.

The consumerization of cyberattacks will rise for easier wins

As we get comfortable with a hybrid lifestyle, the attack perimeter becomes more personal, and the consumerization of cyberattacks will increase. For example, the last iOS update alone addressed 11 zero-day attacks. 91% of legitimate mobile banking apps also contain at least one medium-risk security vulnerability, and 97 of the 100 largest banks are vulnerable to web and mobile attacks that enable hackers to steal sensitive data. Hackers will leverage vulnerabilities in mobile apps, and this will amplify zero-day attacks. However, consumer cyber awareness, and the steps people need to take to protect themselves, will not increase at the same rate.

More cybersecurity services will be offered by non-cyber companies in the next five years

As the consumerization of cyberattacks increases, non-cyber businesses will take up a more significant role in information dissemination. Cell phone service providers and device manufacturers will embed cybersecurity as a service in their plans to help consumers manage their security. Businesses will purchase cybersecurity offerings within their IT plans to protect employees and infrastructure. A large chunk of personal and enterprise cybersecurity will be sold by large technology companies rather than solely through cybersecurity vendors. 

The fields of cybersecurity and data science will unite

Cybersecurity and data science have been fields that served two distinct purposes, but they will come together to help organizations (private and public) better understand and proactively protect themselves against increasing threats. The fields will collide and continue to grow together out of necessity as application creation and enterprise data explode and dramatically expand the attack surface.

Cyber insurance will be mandated

In the next 12 months, the quantum of cyber insurance needed to protect against ransomware and other attacks will be mandated, at least in some geographic regions and industries. In a similar manner to requiring everyone to have auto liability insurance, high-risk industries will be required to have a minimum level of cyber insurance. For example, companies may be required to have insurance covering at least two percent of their annual turnover. In the next five years, almost all industries and geographic regions will mandate cyber insurance.

A Cyber Regulator will be established

There will be a standardization of cybersecurity to ensure parity, regardless of a business’s geography, industry, or size. Critical infrastructure operators, private organizations, and governments will unite and create a single cyber regulatory body to help establish a global de facto standard for knowing, measuring, managing, and mitigating cyber risks.

As the world becomes ever more interconnected, security will have to be objectively understood by every stakeholder in the economy. In the first, second, and third industrial revolutions, standardization led to successful mechanical, electrical, and automated processes, yielding easier (and trustworthy) mass production of goods.

For instance, in an Airbus A320, despite the innumerable external and internal variables, one rarely doubts that the machine will perform at its optimum. However, the same level of standardization is yet to be witnessed in cybersecurity. Despite many moving parts — namely people, policies, processes, technology, and cybersecurity products for both the business and its third-party vendors — no single score or standard tells us or decision-makers how secure a business is in real time. Governments and businesses require a simplified cybersecurity approach with one score to drive decisions, and today, with machine learning-enabled risk quantification platforms, this is a possibility.

Saket Modi

Saket Modi is the co-founder and chief executive officer of Safe Security, an Indian cybersecurity firm.