Time to get serious about cyber safetyby Michael Liebreich / May 18, 2017 / Leave a comment
The WannaCry ransomware attack, which hit the NHS hard and infected computers in over 150 countries, was a wake-up call. Our infrastructure is increasingly digital and connected—we need to get serious about protecting it.
The last few years have seen a number of large-scale, sophisticated cyber attacks. In 2011, 77m Sony PlayStation accounts were compromised. Since then hackers have penetrated MySpace (359m accounts stolen), LinkedIn (117m), eBay (145m), Target (70m), Experian (200m), Heartland Payment Systems (130m), Adobe (152m), Yahoo (1bn), the Philippine electoral system (55m)—the list seems endless.
Other attacks have been equally sophisticated but highly targeted, such as Stuxnet, originally designed to impede Iran’s nuclear programme, and last year’s raid on Bangladesh’s Central Bank, which came within a whisker of netting $1bn.
Until now, the consensus appeared to be that these attacks were an inevitable and irritating feature of modern life. Every so often a bunch of people have to change all their passwords and some hapless organisation takes a financial hit—but on a societal level that’s a small price to pay for the instant information and frictionless commerce we all now take for granted. The problem with this attitude is that as our economy becomes ever more digital and deeply connected, it is also becoming more fragile, to the point where the risk of a cascading collapse is very real.
In 2012, David Korowicz, physicist and human systems expert, modelled the implications of the ever-tighter linkages between our financial, energy and food systems. He found that a deep disruption lasting just a few weeks might be enough to make it impossible to “reboot” the earlier state of the economy, leading to the collapse of society. A sobering thought, given that it took weeks to restore power to all the homes affected by Hurricane Sandy in November 2012. Earlier this year, at least two people died from health emergencies during a blackout in Amsterdam that lasted only five hours.
The most recent Worldwide Threat Assessment of the US Intelligence Community, issued just before the WannaCry ransomware attack, sums up the nature of the cyber risk: “Nearly all information, communication networks and systems will be at risk for years… These threats are amplified by our ongoing delegation…