Reflecting these concerns, the 2023 Global Cybersecurity Outlook [2] reported a staggering 91 per cent of business leaders bracing for a major cyber event within two years. The challenge of fortifying digital defenses looms large; every data-holding organisation, regardless of size, is at risk, particularly the financial sector, pivotal to the global economy.
Ransomware threats, intensified since 2020, plague approximately 37 per cent of global organisations [3]. These digital scourges, from automated ransomware to bot attacks, endanger entities from industry giants to small ventures, for some heralding a complete digital demise. One enduring legacy of the pandemic, the surge in teleconferencing, has exposed these platforms to cyber breaches [4], compelling companies to enhance their defense strategies.
A glimmer of hope pierces the gloom; the industry leans towards passwordless authentication, driven by the frailty of passwords. Biometric authentication involving fingerprints and facial recognition moves us away from password vulnerabilities. Yet, this shift stirs concerns over the protection of personal data under regulations like the General Data Protection Regulation (GDPR).
TechTarget [5] hailed 2023 as the year of passwordless authentication, with multifactor authentication (MFA) gaining traction. However, drawbacks persist, such as reliance on mobile device availability and the accurate transcription of one-time codes.
Delinea's survey [6] reveals a startling gap in cybersecurity understanding among company leaders, with only 39 per cent acknowledging its critical role. A mere third perceives cybersecurity as vital for compliance, leading to a rise in successful attacks and delayed strategic decisions.
The Davos forum's echoes resonate amidst global economic uncertainty, further complicating the alignment between business objectives and cybersecurity. Small and medium enterprises (SMEs), strained by inflation and energy costs, can ill afford to overlook cyber threats or neglect robust disaster recovery plans. An EY/IIF survey [7] found that 72 per cent of Chief Risk Officers (CROs) rank cybersecurity as the top risk, underscoring its strategic importance.
The 2023 State of the Phish report [8] by Proofpoint warns of rising global cybersecurity threats, with 68 per cent of Chief Information Security Officers (CISOs) anticipating an attack within a year. User awareness lags behind the scalability and innovation of attacks, exposing organisations to ransomware, phishing, insider threats, and financial risks. Only a third conducted phishing simulations, down from 41 per cent in 2021, while financial losses from successful phishing attacks rose by 76 per cent.
The CISO role faces a brewing storm of untenability, with high job expectations, personal liability fears, and burnout. Data exposure events are on the rise [9], as exiting employees increasingly leave with sensitive company data. To counter this, tailored employment contracts with explicit clauses can help protect intellectual property.
Cyber threats pose critical business risks, including operational disruptions and legal challenges. Yet, solutions exist. Cybersecurity in the digital business world must be a steadfast anchor, prioritising data protection. Entities, especially in finance, should safeguard their sensitive data offline, and deploy continuous AI-driven cybersecurity solutions.
A comprehensive cybersecurity policy acts as a roadmap, detailing asset protection, role assignments, access control, incident reporting, data protection measures, software updates, and disaster management. Financial leaders should prioritise tools like multi-factor authentication, zero-trust security, and web application firewalls. Proactive and regular evaluations of the evolving cybersecurity landscape are crucial.
Investment in digital skill training for employees is also vital, with early adopters reporting higher efficiency, revenue growth, and reduced turnover. Collaborating with government and accreditation bodies can further strengthen cybersecurity, equipping firms with the latest security and encryption protocols.
Nationally, resources like Luxembourg's House of Cybersecurity (LHC) [10] and Germany's 2021 Cyber Security Strategy [11] provide support for navigating the complex cyber threat landscape. The UK's National Cyber Security Centre (NCSC) [12] offers a free cyber action plan for small organisations.
In conclusion, the digital era's pressing need for enhanced cyber defences is amplified by escalating threats. Financial institutions must fortify their security measures or face severe repercussions. Despite emerging security measures like passwordless authentication, vulnerabilities persist, and the absence of a clear cybersecurity strategy leads to increased attacks and disastrous financial consequences. The solution lies in a holistic cybersecurity approach that encompasses compliance, secure data storage, threat awareness, and employee training. Investing in cybersecurity is not just an expenditure; it's a vital shield for an organisation's reputation and longevity.
In the ‘Fourth Industrial Revolution’, neglecting cybersecurity is akin to navigating blindly through a storm: perilous and potentially catastrophic.
[1] https://www.weforum.org/agenda/2023/01/cybersecurity-storm-2023-experts-davos23/
[2] https://www.weforum.org/publications/global-cybersecurity-outlook-2023/
[3] https://www.csoonline.com/article/564860/7-hot-cybersecurity-trends-and-2-going-cold.html
[4] https://dl.acronis.com/u/rc/White-Paper-Acronis-Cyber-Readiness-Report-2021-EN-US.pdf
[5] https://www.techtarget.com/searchsecurity/opinion/Why-2023-is-the-year-of-passwordless-authentication
[6] https://delinea.com/resources/aligning-cybersecurity-and-business-outcomes
[7] https://www.ey.com/en_gl/banking-capital-markets/how-bank-cros-are-responding-to-volatility-and-shifting-risk-profiles
[8] https://www.proofpoint.com/us/blog/security-awareness-training/2023-state-of-the-phish-findings-sneak-peek
[9] https://www.code42.com/blog/incydr-scoop-data-exposure-jumps-as-employees-head-for-the-doors/
[10] https://lhc.lu/
[11] https://www.bmi.bund.de/EN/topics/it-internet-policy/cyber-security-strategy/cyber-security-strategy-node.html
[12] https://www.ncsc.gov.uk/
Oriane Kaesmann
Oriane is a Research Associate with LHoFT in Luxembourg, specialising in and frequently writing about AI, cybersecurity, blockchain, sustainability, cryptos and Web3. She previously worked as a Senior Consultant for Grant Thornton, Luxembourg and a Consultant for Deloitte, Luxembourg.