Nations' reliance on the internet and connected services means the potential damage from cyber-attacks is one of the biggest risks facing the world today, according to a report from the World Economic Forum (WEF).
The threat of cyber-attacks and cyberwarfare sits behind only extreme weather events and natural disasters in terms of events likely to cause disruption in the next five years, according to the WEF's Global Risks Report 2018. The WEF is an international body which brings together business, political, academic, and other leaders to help shape the global agenda.
The report highlights ransomware in particular as a cyber-threat, and says that 64 percent of all malicious phishing emails sent during 2017 contained file-encrypting malware.
The Global Risks Report 2018 cites two major events as examples of the damage and disruption which can be caused: the WannaCry attack, which affected 300,000 computers in 150 countries and impacted infrastructure across the globe including the UK's NHS, and Petya -- which caused losses of over $300m to a number of organisations.
But that's relatively low-level compared with what could be achieved should cyber-attackers -- whether backed by a nation or an organised criminal gang -- focus more of their attention on industry and critical infrastructure.
"In a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning," warns the report.
Last year's Global Risks Report warned of the potential threat posed by insecure Internet of Things devices and a year of IoT-related security incidents hasn't done anything to dampen the threat, with hackers increasingly turning their attention to these devices as a potential backdoor into networks.
"Cybercriminals have an exponentially increasing number of potential targets, because the use of cloud services continues to accelerate and the Internet of Things is expected to expand from an estimated 8.4 billion devices in 2017 to a projected 20.4 billion in 2020," says the report, adding: "What would once have been considered large-scale cyberattacks are now becoming normal."
Most attacks on critical and strategic systems have yet to succeed, but the WEF says the growing number of attempted attacks suggests the risks are increasing, especially as the interconnected nature of the world means attacks can cause "irreversible" systemic shocks.
While the report says approaches to cyber-risk are improving, it argues that much more needs to be done to protect organisations -- and society as a whole -- from attacks.
"Geopolitical friction is contributing to a surge in the scale and sophistication of cyberattacks. At the same time cyber exposure is growing as firms are becoming more dependent on technology," said John Drzik, president of global risk and digital at Marsh.
"While cyber risk management is improving, business and government need to invest far more in resilience efforts if we are to prevent the same bulging 'protection' gap between economic and insured losses that we see for natural catastrophes," he added.
Looking to the future, the report warns about the possibility of 'war without rules' if state-on-state conflict escalates unpredictably due to the absence of cyberwarfare rules -- potentially leading to miscalculations and a fog of uncertainty which could lead to attacks and retaliations that spread and cause damage to unintended targets.
Recent and related coverage
Cybersecurity in 2018: A roundup of predictions (Tech Pro Research)
How will the cybersecurity arms race develop in 2018? Experts have made a multitude of predictions, and we have analysed them.
'Shocking' flaws show apps for industrial control systems are being built without enough thought for security, according to researchers.
READ MORE ON CYBERCRIME
- After WannaCry ransomware attack, the NHS is toughening its cyber defences
- Hackers targeting US nuclear power plants [CNET]
- Bad Rabbit: Ten things you need to know about the latest ransomware outbreak
- Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse [TechRepublic]
- SCADA security: Bad app design could give hackers access to industrial control systems