“Although in previous years respondents to the GRPS have tended to be optimistic about technological risks, this year concerns jumped, and cyberattacks and massive data fraud both appear in the list of the top five global risks by perceived likelihood,” the report notes.
Rising cyber security concerns are connected to mounting numbers and costs of cyberattacks, which have been rising generally for decades. The increasing number of potential targets due to growth of cloud services and the Internet of Things(IoT) also increases risks. The report notes that the number of devices, vehicles and other appliances that connect to the internet already exceeds the human population of earth and is “expected to expand from an estimated 8.4 billion devices in 2017 to a projected 20.4 billion in 2020.”
This timely warning echoes the major finding of a new F-Secure-sponsored report Pinning Down the IoT: “In its current form the Internet of Things represents a considerable threat to consumers, due to inadequate regulations regarding its security and use.”
Experts interviewed for this report cited both privacy concerns about the uses of data collected by devices and the potential security risks of these devices or that data being hacked. A two-tiered situation is recommended to begin securing the IoT as it exists now and as it will exist in the future — education and regulation.
The Mirai botnet, which harnessed the computing power of inadequately secured IoT devices to launch the largest denial of service attack on web services ever, woke many observers up to the dangers of device market that has prioritized mass adoption over basic security.
Consumers need to be made aware of the risks and security features of their existing IoT devices by their governments, the report argues. A draft report from the United States Department of Commerce and Department of Homeland Security suggests the US is about to launch such an effort.
These campaigns would be invaluable but the results would likely be limited, given the vast number of varied and security imperfect security configurations of the billions of devices already in use. Many consumers may be unaware or have forgotten that existing devices are connected to the internet.
Given that the number of IoT devices is set to double in the next two years and then double again before long, governments also need to focus on devices coming to market by focusing on regulations and certifications, an opinion shared by 90 percent of consumers in a recent survey.
Cyber security experts are generally reluctant to advocate for government involvement in the development of technology but the risks continue to multiply.
The Global Risk Report notes that WannaCry, the largest ransomware outbreak in history, not only affected businesses of all sizes, it “disrupted critical and strategic infrastructure across the world, including government ministries, railways, banks, telecommunications providers, energy companies, car manufacturers and hospitals.”
Given our growing dependence on the IoT which is blurring into our homes, our schools, our workplaces, our commute and almost everywhere we go, expecting manufacturers to suddenly adopt rigorous security standards, when the marketplace isn’t yet demanding them, is a risk we should no longer take.