The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and defenders in an arms race to breach and protect, cybersecurity risk, and cybersecurity risk management with it, is always changing. As a recent World Economic Forum report shows, businesses and other entities need to know both how to keep up with cybersecurity risk and how to measure it. Both are important and ongoing aspects of keeping your digital assets secure.

The Threat of ‘Cybersecurity Failure’

In January 2021, the World Economic Forum (WEF) released its Global Risks Report 2021. The report is built from a survey in which roughly 650 members of WEF’s leadership communities offered their perspective on global risks. Their responses helped illustrate some of the major sources of risk confronting the world going into the new decade.

One of those was ‘cybersecurity failure.’ In other words, defensive measures continue to lag behind threat actors, and breaches follow. Respondents see this failure as one of the highest-likelihood risks of the coming years. More than one-third (39%) regarded it as a ‘clear and present danger,’ the report’s term for a risk expected to materialize within the next two years. About half (49%) expected it to remain an issue in the three-to-five-year horizon as well.

Today’s Threats to Cybersecurity Risk Management

The reality is the world doesn’t need to wait for this failure. It’s already here, and one need not look far for proof.

Worldwide information security and risk management spending would grow 2.4% to reach $123.8 billion by the end of 2020, Gartner predicted in June 2020. Cloud security was projected to be the fastest-growing segment, as organizations spent to support their cloud adoption efforts. The next-largest investments were in technologies designed to secure organizations’ applications and data as many transitioned to a remote work model.

All of that spending didn’t prevent cybersecurity breaches, though. During 2020 the FBI was receiving on the order of 4,000 cyberattack-related complaints a day, the Associated Press reported. It also didn’t prevent a notable supply chain attack that hit U.S. federal departments, security firms and tech giants. Three in 10 victims weren’t even running the compromised software before they fell victim to the attackers. Instead, the attackers abused software flaws, guessed online passwords and took advantage of configuration issues in a popular cloud-based platform to reach those organizations.

This shows how tightly entities are linked together. Malicious actors used a diverse set of attack techniques to turn one vendor compromise into tens of thousands of downstream victims. Defenders understand what this means, which is why a Microsoft executive told ZDNet that there won’t just be more incidents like the supply chain attack going forward, but that they will be “the norm.”

Dependence and Cybersecurity Risk Management

Entities aren’t powerless against cybersecurity breaches. On the contrary, a cybersecurity risk assessment carried out on an ongoing basis (inventorying assets, identifying the threats to them and scanning your networks for weak points) shows where exposure is concentrated. Use the findings to direct investments: a severe flaw on an internet-facing, business-critical system that attackers are known to be exploiting deserves attention before a nominally higher-scored flaw on an isolated, low-value host. Focus on strengthening your position with respect to vulnerability management, network monitoring and threat intelligence. The threats might change, but these and other defense basics will remain.
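The ranking step described above, turning assessment findings into a remediation order, is easy to get wrong when teams sort by vulnerability severity alone. The following is an added example, not code from the original article or from any assessment product: it scores each finding by severity weighted with asset criticality, exposure and threat intelligence (whether the flaw is known to be exploited in the wild), then orders the work. The findings, weights and identifiers (F-001 and so on) are constructed for illustration.

```python
"""Risk-based ordering of security assessment findings (added example).

Scores combine vulnerability severity with asset criticality, exposure and
threat intelligence so that the remediation queue reflects actual risk to the
organization rather than CVSS alone. All weights and sample data are
constructed assumptions, not values from the article.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    id: str               # constructed tracking id, not a real CVE
    asset: str
    cvss: float           # vulnerability base score, 0.0 - 10.0
    criticality: int      # asset criticality, 1 (low) .. 5 (business-critical)
    internet_facing: bool # reachable from the internet (exposure)
    known_exploited: bool # flagged by a threat-intelligence feed as exploited in the wild
    effort_hours: int     # estimated remediation effort


def risk_score(f: Finding) -> float:
    """Severity scaled by asset value, then boosted for exposure and active exploitation."""
    score = f.cvss * f.criticality       # 0 - 50 before multipliers
    if f.internet_facing:
        score *= 1.5                     # assumed exposure multiplier
    if f.known_exploited:
        score *= 2.0                     # assumed threat-intel multiplier
    return round(score, 1)


def prioritise(findings: List[Finding]) -> List[Finding]:
    """Return findings ordered from highest to lowest risk score."""
    return sorted(findings, key=risk_score, reverse=True)


def remediation_plan(findings: List[Finding], capacity_hours: int) -> List[str]:
    """Greedily fill a remediation window with the highest-risk findings that fit."""
    plan, remaining = [], capacity_hours
    for f in prioritise(findings):
        if f.effort_hours <= remaining:
            plan.append(f.id)
            remaining -= f.effort_hours
    return plan


# Constructed sample findings: note that F-004 has a lower CVSS than F-003
# but sits on a critical asset and is actively exploited.
SAMPLE_FINDINGS = [
    Finding("F-001", "vpn-gateway", 9.8, 4, True, True, 8),
    Finding("F-002", "hr-database", 7.5, 5, False, False, 16),
    Finding("F-003", "lobby-kiosk", 9.0, 1, True, False, 2),
    Finding("F-004", "build-server", 6.5, 5, False, True, 12),
]


if __name__ == "__main__":
    for f in prioritise(SAMPLE_FINDINGS):
        print(f"{f.id} {f.asset:<14} cvss={f.cvss:<4} risk={risk_score(f)}")
    print("40h plan:", remediation_plan(SAMPLE_FINDINGS, 40))
```

Run as a script it prints the ordered queue; the build server’s medium-severity but exploited flaw ranks second, ahead of the high-severity kiosk issue, and the 40-hour plan skips the 16-hour database item once the higher-ranked work has consumed the window. The multipliers are deliberately simple placeholders; what matters is that criticality and threat intelligence enter the ordering at all.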

Recent attacks and the WEF’s report underscore the need for greater teamwork and mutual accountability among all parties when it comes to digital defense. Vendors and researchers can’t protect everyone on their own. Suppliers, customers, researchers and governments need to work together if they hope to manage the global risk of cybersecurity failure over the next five years and the years that follow.
