World Economic Forum Publishes Global Risks Report 2020
For the first time ever, the top five most likely global risks enumerated in the annual Global Risks Report from the World Economic Forum (PDF) are all environmental: extreme weather, climate action failure, natural disasters, biodiversity loss, and human made environmental disasters. In terms of impact, the top five risks are climate action failure, weapons of mass destruction, biodiversity loss, extreme weather, and water crisis.
The likelihood of data fraud or theft has dropped from fourth to sixth while the likelihood of cyberattacks has dropped from fifth to seventh over last year’s annual survey. This realignment has more to do with increasing environmental threats than to decreasing cyber threats. Underpinning both sets of threat is growing global nationalism and increasing geopolitical tensions that make global action on climate less likely while increasing the threat of nation-based cyberattacks.
|Aerial photo from the futuristic and stylish Intercontinental Hotel in Davos, Switzerland. The Annual Meeting of the World Economic Forum takes place in Davos-Klosters, Switzerland from January 21 to 34, 2020. (Image Credit: World Economic Forum)|
The same background is threatening the global economic outlook. Nationalism, which weakens global trade, could lead to a fragmented internet. Economic stagnation could increase the likelihood of youngsters turning to cybercrime to ‘earn’ a living.
The report highlights the irony of the unfolding Fourth Industrial Revolution (AKA 4IR or Industry 4.0) — it provides great potential for economic and societal improvements, but brings with it counterbalancing increased cyber risk. These risks focus on the lack of security by design as manufacturers rush to be the first in the market, and the absence of global security governance.
The need for security by design is well understood. “Today, we are able to discover, assess, quantify and fix many of the issues that lead to cybersecurity risk in today’s world,” comments Alex Peay, SVP of product at intelligent automation software firm SaltStack, “but we too often make it an afterthought. If we focus on security and design and build to a secure standard, we can ensure that our innovations not only drive growth but foster security. For the first time many of the detriments of the coming Industrial Revolution are widely understood. If we are responsible and pragmatic about the adoption of security by design principles, we can avoid many of the pitfalls.”
On the lack of governance, the report gives ethics and artificial intelligence as an example. “There are over 80 frameworks,” it states, “yet the large increase in such initiatives serves to fragment the response to the threat, often imposing burdensome and sometimes conflicting obligations on organizations operating across national boundaries.” This applies across almost all governance areas, and is aggravated by nationalism and global geopolitics.
Sam Rubin, VP at the incident response, risk and forensics Crypsis Group, is not optimistic for an early fix. “While solutions suggested in the report, such as advocating for fair and concerted global actions on any 4IR-related governance frameworks, may eventually yield results, they will not come fast enough to mitigate risk in the near term,” he told SecurityWeek.
In the meantime, he believes everyone — both consumer and business — needs to improve their use of existing best practices. “Many security best practices are still not being executed, even at the consumer level (such as when buying and deploying IoT devices), and at the organization level,” he continued. “But risk will still likely remain — in today’s digital economy, cyber risk is an unfortunate, unavoidable fact — unless and until a utopian security panacea is developed.”
A major potential threat to cybersecurity comes from the potential fragmentation of the internet (sometimes known as cyber balkanization).The usual argument for this is a desire for national cyber sovereignty, but WEF adds that this could be exacerbated by “an increased risk of divergence in protocols — old and new — that could lead to fragmentation of cyberspace and future technologies.”
The dangers of a fragmented internet are complex and manifold. Today, the power of world trade and globalization is largely holding the internet together — but rising nationalism and the current potential for major international trade wars threatens this glue. This could, potentially, lead to a downward spiral — if international trade is weakened by geopolitics, then fragmentation could be encouraged by nationalism, and international trade and the global economy further weakened.
This would, in turn, make the likelihood of international cooperation on global security governance frameworks harder to achieve. The WEF report uses international law enforcement cooperation — which is necessary to combat the naturally international nature of cybercrime — as an example. “The fragmentation of cyberspace,” it warns, “will render those efforts moot and create possibly insurmountable technological incompatibilities for law enforcement to cooperate across varying systems.”
But the threat of fragmentation goes deeper, potentially affecting all aspects of society and linking back to the global environmental threat. “As the world is on the brink of climate collapse,” warns the report, “the necessary duplication of efforts for overcoming such technical fragmentation would not only be economically counterproductive, but also environmentally inefficient. This inefficiency is further amplified by countries’ pursuit of isolated national technology regulations. Adaptation to different products for different markets would inevitably increase the negative environmental footprint of any industry.”
This is not an optimistic report from the World Economic Forum. Heightening geopolitical tensions feed other issues, especially technological issues, that in turn make improving geopolitics more difficult. The danger is a downward spiral that will throw individual companies back on their own resources rather than international cooperative resources. For now, we seem to be heading for the worst of all possible worlds: connected by technology but separated by politics.
“In a hyperconnected world, attack surfaces and interdependencies will grow astonishingly quickly,” warns Steve Durbin, managing director of the Information Security Forum. “Cyber resilience has to be the way forward — know your data, quantify risk through a scenario driven approach, adopt an organization-wide strategy towards cyber security management. In addition, organizations should rethink crisis management, disaster recovery and business continuity plans, conducting full risk assessments on all external assets and services in order to plan effective responses with business leaders and to maintain a current, business-supported risk response readiness.”