Threat of cybercrime looms large for supply chains, according to World Economic Forum

Growing cyber threats have been listed among the greatest global risks in the annual World Economic Forum Global Risks Report, published yesterday.

The Global Risks Report series tracks global risks perceptions among risk experts and world leaders in business, government and civil society.

It examines risks across five categories: economic, environmental, geopolitical, societal, and technological. Every year the report also analyses key risks to explore further in deep-dive chapters – these could be risks that feature prominently on our survey, those for which warning signs are beginning to surface, or potential blind spots in risk perceptions.

Cybersecurity, though, has been listed as one of the main areas of emerging threats, as well as competition in space, a disorderly climate transition, and migration pressures.

The report cited specifically the “growing dependency on digital systems” – intensified by the response to Covid-19 – which has “fundamentally altered societies”. At the same time, cybersecurity threats are growing and outpacing societies’ ability to effectively prevent or respond to them. Attacks on critical infrastructure, misinformation, fraud and digital safety will impact public trust in digital systems and increase costs for all stakeholders. As attacks become more severe and broadly impactful, already-sharp tensions between governments impacted by cybercrime and governments complicit in their commission will rise as cybersecurity becomes another wedge for divergence, rather than cooperation, among nation states.

The digitalisation of physical supply chains creates new vulnerabilities because those supply chains rely on technology providers and other third parties, which are also exposed to similar, potentially contagious, threats.

In December 2021, just one week after discovering a critical security flaw in a widely used software library (Log4j), more than 100 attempts at exploiting the vulnerability were detected every minute, illustrating how free access coding can spread vulnerabilities widely. Information technology (IT) monitoring and management software also illustrate the potential for contagious exposure, which can break through the defences of critical cybersecurity supply chains, as shown by the Solar Winds Orion attack that occurred in late 2020.

Malicious activity is proliferating, in part because of the growing vulnerabilities – but also because there are few barriers to entry for participants in the ransomware industry and little risk of extradition, prosecution or sanction. Malware increased by 358% in 2020, while ransomware increased by 435%.

As our reliance on digital technologies grows and Internet 3.0 becomes reality, efforts aimed at building norms and defining rules of behaviour for all stakeholders in cyberspace are intensifying. Initiatives should focus on emerging technologies, such as blockchain, quantum and artificial intelligence, as well as the modes of digital exchange they facilitate, like the metaverse.