Why ‘fire drills’ are key for cybersecurity

Industry experts are urging organizations across sectors to prepare for cyber attacks. The call to action comes as the prevalence of cyber attacks continues to rise, with cybercriminals and state actors becoming more deft at targeting sensitive consumer data and supply chain vulnerabilities.

“The biggest thing is to exercise,” Jacky Fox, the managing director of Accenture, said in a panel interview on Our World in Transformation, a live programme by the World Economic Forum’s Strategic Intelligence platform. “Drill, drill, drill so that people get their roles and they can have that muscle memory that allows them to kick into action.”

In the third quarter of 2022, global cyber attacks rose by 28% compared to the same period the year prior, according to the cybersecurity firm Check Point. The prevalence equated to over 1,130 weekly attacks per organization worldwide.

Today, hackers are increasingly targeting consumer data held by companies ranging from major medical insurance providers to national airlines. Cybercriminals are also attempting to exploit cybersecurity weaknesses in supply chains. These can include, for example, third party vendors like software providers and transportation services.

“The most significant incidents we are seeing now are supply chain attacks,” Rob Wainwright, a partner at Deloitte, added in the panel interview. “That is only going to grow.”

In 2020, for example, it was revealed that a software update from SolarWinds, a major US information technology management company, was compromised by hackers. The update was downloaded by up to 18,000 SolarWinds customers, including major multinational corporations and government agencies. The hack, the Forum noted in a 2021 report, demonstrated “patience, persistence, and complex tradecraft.”

“The cybercriminal economy has gone through a pretty major transformation,” Wainwright stated. “At the top end of the criminal ecosystem are very, very aggressive, highly adept threat actors—syndicated criminal operations that are pooling their capabilities and are very adept at breaching defences.”

Experts stress that preparing companies as a whole for cyber attacks is a key component of cybersecurity. This includes not only top executives and IT departments, but employees across an organization.

“You have to try and build up layers of defences in your organization,” Fox stated. “When an organization has exercised this—when they've done the equivalent of a fire drill for a cyber drill. That's what really makes a difference.”

Indeed, studies show that human actions make up a large part of cyber attacks. A recent study by Verizon found that the human element was a key driver of 82% of cyber breaches surveyed.

Investment into cybersecurity is also crucial, experts say. This includes taking steps to bolster readiness and defenses across supply chains to deter and prevent the increasing attacks. In fact, supply chain cyber attacks rose by 300% in 2021 compared to the year prior, according to research by Argon Security.

“It's not just for the techie guys in one corner,” Wainwright stated. “This is a business concern starting at the board level.”