The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and developers in an arms race to breach and protect, cybersecurity risk — and cybersecurity risk management — are always changing. As a recent report by the World Economic Forum shows, businesses and other entities should know how to keep up with and measure cybersecurity risk. Both are important and ongoing aspects of keeping your digital assets secure.

The Threat of ‘Cybersecurity Failure’

In early January, the World Economic Forum (WEF) released its Global Risks Report 2021. In this report, built from a survey, 650 members of WEF’s leadership groups offered their perspective on global risks. Their responses helped illustrate some of the major sources of risk confronting the world going into the new decade.

One of those was ‘cybersecurity failure.’ In other words, defensive measures always lag behind threat actors and breaches. Members of the WEF see this failure as one of the highest-likelihood risks of the next decade. More than one-third (39%) said they regarded it as a ‘clear and present danger,’ meaning it will likely take effect over the next two years. About half (49%) expect it will also be an issue in the next three to five years.

Today’s Threats to Cybersecurity Risk Management

The reality is the world doesn’t need to wait for this failure. It’s already here, and one need not look far for proof.

Worldwide information security and cybersecurity risk management spending will grow 2.4% to reach $123.8 billion by the end of the year, Gartner predicted in June 2020. They projected one-third of that spending would go to security measures designed to support organizations’ cloud adoption efforts. The next highest investments are in technologies designed to secure organizations’ applications and data as many transitioned to a remote work model.

All of that spending didn’t prevent cybersecurity breaches, though. The FBI received 4,000 cyberattack-related complaints over the course of 2020, wrote the Associated Press. It also didn’t prevent a notable supply chain attack that hit U.S. federal departments, security firms and tech giants. Three in 10 victims weren’t even running the compromised software before they fell victim to the attackers. Attackers abused software flaws, guessed online passwords and took advantage of configuration issues in a popular cloud-based platform.

This shows how entities are linked together. Malicious actors used their diverse attack techniques to turn one compromise into tens of thousands. They understand what this means, which is why a Microsoft executive told ZDNet that there won’t just be more incidents like the supply chain attack going forward but that they will be “the norm.”

Dependence and Cybersecurity Risk Management

Entities aren’t completely powerless against cybersecurity breaches. On the contrary, you can use cybersecurity risk assessments on an ongoing basis to scan your networks for potential weak points. Use the findings to direct investments. Focus on strengthening your position with respect to vulnerability management, network monitoring and threat intelligence. The threats might change, but these and other defense basics will remain.

Recent attacks and the WEF’s report underscore the need for greater teamwork and mutual accountability among all parties when it comes to digital defense. Vendors and researchers can’t protect everyone on their own. They need to work together if they hope to manage the global risk of cybersecurity failure over the next five years and the years that follow.
