Why ‘fire drills’ are key for cybersecurity
“Drill, drill, drill," one expert said.
Listen to the article
- Cyber attacks across sectors are on the rise worldwide.
- Increasingly, hackers are targeting sensitive consumer data and becoming more skilled at exploiting vulnerabilities.
- "You have to try and build up layers of defences in your organization,” one expert said.
Industry experts are urging organizations across sectors to prepare for cyber attacks. The call to action comes as the prevalence of cyber attacks continues to rise, with cybercriminals and state actors becoming more deft at targeting sensitive consumer data and supply chain vulnerabilities.
“The biggest thing is to exercise,” Jacky Fox, the managing director of Accenture, said in a panel interview on Our World in Transformation, a live programme by the World Economic Forum’s Strategic Intelligence platform. “Drill, drill, drill so that people get their roles and they can have that muscle memory that allows them to kick into action.”
In the third quarter of 2022, global cyber attacks rose by 28% compared to the same period the year prior, according to the cybersecurity firm Check Point. The prevalence equated to over 1,130 weekly attacks per organization worldwide.
Today, hackers are increasingly targeting consumer data held by companies ranging from major medical insurance providers to national airlines. Cybercriminals are also attempting to exploit cybersecurity weaknesses in supply chains. These can include, for example, third party vendors like software providers and transportation services.
“The most significant incidents we are seeing now are supply chain attacks,” Rob Wainwright, a partner at Deloitte, added in the panel interview. “That is only going to grow.”
In 2020, for example, it was revealed that a software update from SolarWinds, a major US information technology management company, was compromised by hackers. The update was downloaded by up to 18,000 SolarWinds customers, including major multinational corporations and government agencies. The hack, the Forum noted in a 2021 report, demonstrated “patience, persistence, and complex tradecraft.”
“The cybercriminal economy has gone through a pretty major transformation,” Wainwright stated. “At the top end of the criminal ecosystem are very, very aggressive, highly adept threat actors—syndicated criminal operations that are pooling their capabilities and are very adept at breaching defences.”
‘Layers of defences’
Experts stress that preparing companies as a whole for cyber attacks is a key component of cybersecurity. This includes not only top executives and IT departments, but employees across an organization.
“You have to try and build up layers of defences in your organization,” Fox stated. “When an organization has exercised this—when they've done the equivalent of a fire drill for a cyber drill. That's what really makes a difference.”
Indeed, studies show that human actions make up a large part of cyber attacks. A recent study by Verizon found that the human element was a key driver of 82% of cyber breaches surveyed.
Investment into cybersecurity is also crucial, experts say. This includes taking steps to bolster readiness and defenses across supply chains to deter and prevent the increasing attacks. In fact, supply chain cyber attacks rose by 300% in 2021 compared to the year prior, according to research by Argon Security.
“It's not just for the techie guys in one corner,” Wainwright stated. “This is a business concern starting at the board level.”
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Cybersecurity
The Agenda Weekly
A weekly update of the most important issues driving the global agenda
You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.
More on CybersecuritySee all
Rob Rashotte
October 30, 2024