1. Comment
  2. Comment
August 10, 2021updated 22 Feb 2022 11:10am

Cybersecurity is a key political and governance issue

By GlobalData Thematic Research

Cybersecurity is a hot topic. 2020 broke records in terms of data lost in breaches and the number of cyberattacks on companies, governments, and individuals. From the US to Russia to China, this is a key governance and political issue, with businesses in these respective states caught in the crossfire.

Ransomware attacks are also taking place around the world, with the Saudi Aramco attack being the latest example. The company suffered a data breach which resulted into a $50m cyber ransom demand.

According to GlobalData estimates, the global security industry will be worth nearly $238bn by 2030, having grown at a compound annual growth rate (CAGR) of 6.4% between 2019 and 2030.

As businesses across the globe embrace digitalization in their daily operations it is important to look at how they can better protect themselves against cyberattacks, particularly ransomware. Immature technologies such as IoT devices will be prime targets for ransomware attacks that have already been a hallmark of the first half of 2021.

Cyberwarfare exposes government weak points

How adept governments are at dealing with these attacks depends on how well they know their virtual infrastructures. Cybersecurity is a vital part of the holy trinity of technological, economic, and military power for a developed nation.

Defensive technologies lag behind offensive cyber technologies, making it difficult to fend off sophisticated attacks. In terms of defences China leads in the use of intra-government potentially unhackable quantum communications, with widespread use of its own surveillance technologies.

It was alleged in July 2021 that Chinese state-backed hackers compromised Microsoft email software to probe US non-governmental organizations and think tanks. In June 2021, Recorded Future, a cybersecurity company, identified the threat of Chinese state-sponsored hackers, dubbed Red Echo, targeting Indian infrastructure. These attacks are allegedly linked to the Sino-Indian conflict at the border between to the two countries.

Russian cyberattacks are also on the rise. In December 2020, Russian hackers targeted Solar Winds, a US software company. The ransomware attack on the Colonial Pipeline in America proved just how disruptive these attacks can be, with the potential to wreak havoc on vital operations.

Cyberattacks are a new tool in the arsenal of any state in the developed world. On 20 July 2021, the Department of Homeland Security issued a requirement that all critical pipelines transporting hazardous liquids and natural gas must implement protections against cyber intrusions. Any large breaches, such as the ones mentioned above, can have a significant impact on economic competitiveness and national security.

The public and private sector need a cybersecurity upgrade

Ransomware attacks are now more professionally engineered. Organizations such as DarkSide and REvil act as third-party collaborators, franchising their ransomware-as-a-service (RaaS) capabilities to attackers.

According to Sophos research, the average cost to an organization for recovering stolen data doubled between April 2020 to April 2021, rising to $1.85m in 2021. The average ransom paid now stands at $170,404. This trend will continue in 2021 and into the next decade as more companies use cloud services to store important datasets.

It is not enough for private companies to trust third party software providers to protect data. The recent attack on Florida-based IT company Kaseya spread to corporate networks which used its software and affected over 200 businesses. This included Co-op Sweden which closed over 800 of its stores. This incident shows that even if you are not directly targeted, companies can be caught in the crossfire when IT service providers are compromised.

Overall, both governments and private businesses need to better understand and safeguard their digital assets. Cyberattacks are becoming more sophisticated, with increasing attacks allegedly sanctioned by governments. For any business or government body which relies on technology, cybersecurity will be a major governance issue moving forward.