World Economic Forum finds that 95% of cybersecurity incidents occur due to human error
With over 2,000 cyberattacks striking the internet per day, businesses and individual users search for more efficient ways to protect themselves online. But all the usual tools might prove not as effective since 95% of all cybersecurity issues can be traced to human error, according to the World Economic Forum.
The World Economic Forum released its annual Global Risks Report surveying 1,000 pundits, highlighting the gaps in the industry and common vulnerabilities.
According to the report, the massive shift towards digitalization was furtherly accelerated by the COVID-19 pandemic, which resulted in elevated cyber risks. The trend will continue, with our lives becoming even more dependent on machines as our society moves towards blockchain technology, the metaverse, and virtual reality. While these developments present many security dangers, they also open doors to a plethora of opportunities and reimagined industries, such as art in the form of NFTs.
Cybercriminals are also eager to take advantage of the reinvented digital space. As such, in 2020, $406.34 million in crypto was delivered to ransomware addresses, up from $92.94 in 2019 and $27.3 in 2018. The criminal industry is booming, emphasizing the need for more cybersecurity professionals. Currently, there is a shortage of them, with 3 million specialists needed globally.
New vulnerabilities and uncommon scenarios
While vulnerabilities have always existed, the unprecedented speed at which they’re exploited is worrying. For example, a week after the discovery of the Log4j vulnerability, over a hundred attempts have been made to exploit it every minute, according to the report.
“Threat actors will now be in a race to leverage Log4j before patches are deployed, and some will likely be banking access for later use - meaning we could see a spike in Log4j-related security incidents, including ransomware incidents, in the coming weeks,” Brett Callow, Threat Analyst at Emsisoft, told CyberNews at the time.
At the same time, attacks are also getting increasingly hostile. WEF suggests that ransomware gangs are using more ruthless tactics and are targeting more vulnerable victims, including hospitals. The attack vectors have also expanded, with more tools being at the threat actors’ disposal.
“There are concerns that quantum computing could be powerful enough to break encryption keys — which poses a significant security risk because of the sensitivity and criticality of the financial, personal and other data protected by these keys,” the report reads.
These attacks are likely to intensify due to the growth of digital commerce in the metaverse, with WEF predicting it to reach over $800 billion by 2024. Additionally, fraud tactics will be implemented against various institutions, such as banking and health, more frequently, while deepfakes will spread at a faster pace. All of this will create additional tensions and sow seeds of distrust within societies.
Businesses, in turn, find themselves facing a reality where 95% of all incidents occur due to human error, with 43% of breaches attributed to insider threats. WEF argues that this might lead to further segmentation of digital systems, locking of sensitive information, and thus — less efficient operations.
Mitigation and the potential for a secure digital future
While the existing projections may seem rather gloomy, there are things to focus on in order to strengthen our defenses.
"Initiatives should focus on emerging technologies, such as blockchain, quantum and artificial intelligence, as well as the modes of digital exchange they facilitate, like the metaverse,” the report suggests.
WEF also calls for closer cooperation between organizations and institutions to create greater cyber resilience. Upskilling cybersecurity leaders, as well as building trustworthy technology are essential in driving the cybersecurity industry forward.
After all, the digitalization of the world and the progress achieved by humanity so far can either become our greatest achievement or our doom.
More from CyberNews:
Subscribe to our newsletter