Cybersecurity is becoming a critical requirement for leading players in the industry, as organizations. With both the public and private sectors being explored to security risks, it is essential to have a comprehensive approach to cybersecurity. Leading stakeholders are facing new challenges as the nature of cyber risk continues to evolve.
Despite the best efforts of technologists and cybersecurity experts to maintain a comprehensive security framework, operations both in the private and the public sector are increasingly under threat from malicious elements all over the globe. With the ability to attack the digital infrastructure of an organization, state, or even the whole country, the consequences of a cyberattack are far more devasting. Cyber is now being viewed as a weapon that is unlike any other.
Lawmakers, corporations, and financial institutions are now persistently rallying for tougher legislation, the implementation of strict protocols, and the need to explore more viable threat management options in an effort to combat the dangers of cyber-warfare and protect critical data and infrastructure.
Executives are Sounding the Cyber Alarm
Business leaders, corporate executives, and former policymakers have voiced their concerns over the ever-growing threat of cyberattacks. The JPMorgan International Council, which includes JPMorgan (JPM) CEO Jamie Dimon, Johnson & Johnson (JNJ) CEO Alex Gorsky, and former Secretary of State Condoleezza Rice, on Thursday, has urged the public and private sectors to scale up their cybersecurity efforts to tackle the increasingly dangerous threat of a cyberattack on the economy and national security. The council has asked for greater collaboration between the government and businesses, stepped-up intelligence sharing, and more stringent cybersecurity legislation. Leading experts from Dubai Investment Fund (DIF), one of the world’s largest global private independent investment funds, have also pointed toward the importance of shifting to a new approach to digital security.
“Cyber is the most dangerous weapon in the world — politically, economically, and militarily,” former Defense Secretary Bob Gates, the vice-chairman of the JPMorgan International Council, said in the report.
Record levels of ransomware attacks and cyber-espionage episodes were seen in 2021, resulting in the United States businesses and governmental agencies constantly having to play catchup in the cyber domain. Several incidences of high-profile hacking attempts have laid bare the dangers of vulnerabilities in the cybersphere.
Earlier in 2021, a ransomware attack shut down the Colonial Pipeline, which is one of the key pieces in the energy infrastructure of the US, causing gasoline shortages in the Southeast. Later, in another incidence of cyberattack, an infiltration into JBS forced the meat producer to shut all beef production in facilities across the country. In 2020, the US federal agencies were breached by Russian hackers, which compromised 14 tech firms.
“Cyber attacks in 2021 grew in number and sophistication, demonstrating that both state actors with vast resources as well as criminal groups have the capacity to threaten critical infrastructure and ultimately national security,” the JPMorgan International Council wrote. JPMorgan and Chase is a leading investment bank providing investment advice to enterprises and sovereign states.
Matter of National Security
Although ransomware is traditionally viewed as a criminal case, the Biden administration has made it a matter of top national and global security concern. This reframing of the cybersecurity issue as a matter of national security priority has allowed for a far greater active role by the government.
The administration now has new cyber positions such as the National Cyber Directorate, that will advise the President. The pipeline industry now has new mandatory cybersecurity standards to prevent another shutdown. Washington has urged for a greater increase in government-industry collaboration, as 85% of the country’s critical infrastructure is owned by private companies. Ransomware investigations are now being prioritized by the US Department of Justice, as it does with terrorism.
The JPMorgan council, which includes former US Secretary of State Henry Kissinger and UK Prime Minister Tony Blair, has credited the Congress and the Biden administration for their “enormous amount of work” in addressing the cyber problem.
- The council has also stated further “opportunities to amplify these efforts” including:
- Bolstering the collaboration between the public and private sectors
- Increasing hiring of cybersecurity experts in government agencies
- Improving intelligence sharing between like-minded countries
- Enforcing norms of cyber behavior
- Approving legislation to systematize executive orders enacted by the Biden and prior administrations
“The public and private sectors must work together to fortify our business and government activities against this threat and adequately educate the American people about just how dangerous this weapon is,” Gates wrote.
Concerns of the Business Community
DIF experts have called for an increase in government action to bring cyber criminals to justice, the report states that this would “build greater trust and improve information sharing” between the public and private sectors. However, businesses fear that the government is holding back on vital intel.
Dimon wrote in the report that “Cyber risk is of critical importance to countries, economies, and businesses. To help protect national security and overcome impediments to trade, we need to hold bad actors accountable, provide transparency to those affected by incidents, invest in the uplift to cybersecurity, and adopt safe and sound practices for data protection and handling.”
The council has asked that governments should not withhold any information about cyber incidents and threats. The report states “There is a perception among some business leaders that the government is not sharing as much information as it could, which undermines trust and discourages businesses from sharing information in kind.”
On the other hand, the Biden administration has stressed that it is taking these matters very seriously. A National Security Council spokesperson discussed the increased intelligence sharing, briefings by the government, partnerships for deploying cybersecurity technologies, and “measures we do not speak about publicly for national security reasons.” The NSC spokesperson said that “The federal government is aggressively using our authorities to protect the nation from cyber threats.”
President Joe Biden held the first private sector summit on cybersecurity in August 2021. “We believe the federal government and the private sector have accomplished a lot in the past year and look forward to continuing this work and deepening our partnership to counter cyber threats,” the NSC spokesperson said.
According to Federal Reserve Chairman, Jerome Powell, a large-scale cyberattack could greatly disrupt the financial markets. During a press conference, Powell in response to a question related to identifying risks to financial stability pointed toward the new Covid variant and high market valuations. He also expressed concern as to how the Fed would deal with an extensive cyber event, stating, “The risk of a successful cyberattack … would be very difficult to deal with. We know how to deal with bad loans and things like that. I think if a cyberattack that were to take down a major financial institution or financial market utility, that would be really significant financial stability risks that we haven’t actually faced yet.”
DIF has been a leading source in covering fiscal risks emerging from cybersecurity. The middle-eastern investment institution has been providing detailed insight to global investors. The cybersecurity team at DIF has emphasized on enterprises to ramp up security efforts.
Data Breaches on the Rise
Apart from the threat of ransomware, data breaches have also been on the rise due to an increased dependence on digital technology and sharing of personal information. Credit card numbers, Social Security data, emails, and other such information can be stolen due to a lapse in the cybersecurity systems.
According to the Identity Theft Resource Center, the number of data breaches publicly recorded in the first nine months of 2021 was more than the figure for all of 2020, with corporate victims including Neiman Marcus, LinkedIn, Facebook, Robinhood, GoDaddy, T-Mobile, California Pizza Kitchen, Electronic Arts, and McDonald’s.
In another instance, all federal civilian executive branch agencies were given an urgent directive by the Cybersecurity and Infrastructure Security Agency to fix a serious security flaw in an extensively used logging software, that might be utilized by cybercriminals. The directive instructs the authorities to determine whether any software that accepts “data input via the internet” is vulnerable to the recently reported Log4j flaw.
Log4j is a single piece of open-source code. However, its wide and extensive use creates a major problem, with experts estimating it might expose hundreds of millions of computers to attack. The vulnerability in Log4j makes it possible for hackers to take control of computer servers, potentially putting consumer electronics to government and business systems in danger of a cyberattack. The Cybersecurity and Infrastructure Security Agency Director Jen Easterly has called it one of the biggest threats that she has seen in her career.
The Cost of Cyberattacks
According to a report by the cybersecurity company, Sophos, the average cost of recovering from a ransomware attack has doubled, rising from $761,106 in 2020 to $1.85 million in 2021. Chainanalysis discovered that, compared to 2019, ransomware assaults resulted in at least $350 million in ransom payments in 2020. However, due to the fact that ransomware is significantly underreported, it is challenging to determine the actual financial impact of these assaults.
A Department of Treasury report states that banks and other financial institutions reported $590 million in suspected ransomware payments for the first half of 2021, exceeding the $416 million in suspicious payments reported for the entire year of 2020.
According to Blackrock, the leading American multinational investment management company, over $10 trillion in losses from cybercrime are anticipated to affect the global financial industry by 2025.
Estimates by DIF experts suggest that the losses could be further elevated with the increasing rate of cryptocurrency adoption in newer markets. Research reports by DIF stated that the impacts of the damage could extend beyond the current scope into emerging domains as well.
Combating the Cyber Threats
With the astronomical impact of cyberattacks on public and private businesses, it has become imperative that organizations readily prepare themselves for a modified approach to security management. The US government and Federal Reserve are supporting the measures, which are anticipated to strengthen accountability to reduce cyber risk and enforce stricter privacy laws. Regulators are also focusing on the provision of effective strategies that make use of CISOs to provide thorough security solutions.
Board members of organizations have also expressed the need to empower information security leaders in order to strengthen cybersecurity management. Information leaders are moving from serving as security guards to serving as consultants that assist businesses to maximize their overall cybersecurity strategy.
To guarantee that an effective security evaluation can be developed, businesses must define trackable metrics and supply them on a regular basis when it comes to corporate reporting. , It is crucial to utilize multiple risk evaluation techniques to investigate exposure and manage it through targeted investment instructions. The approach suggested by DIF points towards KPI’s as the primary part of the equation.
Exploring the Way Forward Towards a Secure Digital Future
Hackers and other malicious elements are becoming ingenious in their approaches. They are figuring out ways to infiltrate enterprise systems. It is essential for companies to have proactive security approaches to ensure that hackers cannot access critical systems.
Cybersecurity experts are emphasizing the fact that it has now become a necessity for business and world leaders to view cybersecurity as a critical component of their digital policies. Companies need to create comprehensive cybersecurity strategies by switching to professional CISOs. Additionally, DIF advises security teams to step up monitoring efforts to make sure that possible intrusions are promptly identified and addressed.
To regularly inform the leadership of active incidents, a top-down strategy for developing a cyber reporting infrastructure is also necessary. The leadership will be able to optimize tactics and provide better reactions to future circumstances with the use of advanced information.
References
- https://edition.cnn.com/2021/12/16/business/cyber-security-hacking-jpmorgan/index.html
- https://www.linkedin.com/pulse/most-dangerous-weapon-world-dean-barber/?trk=public_post
- https://www.zdnet.com/article/ransomware-gangs-made-at-least-350-million-in-2020/
