The global Covid-19 pandemic shook our economies and societies to their very core, and made us acutely aware of how vulnerable we are to biological threats. However, in the digital world, similar risks are being overlooked as we speak.
By Matthew Campbell, head of SME & FTTH at Seacom
According to the World Economic Forum (WEF), a cyberattack with COVID-like characteristics has the potential to spread faster and further than any biological virus could hope to. In fact, it estimates that its reproductive rate would be in the region of 10 times greater than what we have experienced with COVID-19.
To put this in perspective, the notorious Slammer or Sapphire worm of 2003, one of the fastest worms we have seen to date, doubled in size approximately every 8.5 seconds, infecting more than 75 000 devices in 10 minutes – a number that reached almost 11 million devices in only 24 hours.
Luckily, until now, cyberattacks have not affected our health the way the pandemic has; however, they have caused severe economic damages, which indirectly affects all aspects of our lives.
Disconnecting millions of devices
Unfortunately, in the event of a Covid-like cyber threat, the only way to stop its exponential and inevitable propagation would be to completely disconnect the millions of vulnerable devices from each another and the web. And we’d only have a matter of days to do this.
If we consider that just one day without the Internet would cost the world economy over 50 billion US dollars, a few days without the web could be catastrophic. And this is before we’ve taken into account the indirect economic and societal damage that would follow in its wake.
Consider having essential services such as healthcare or transport, which are intrinsically linked to the Internet, offline for several days and the picture only gets more dire. The ripple effect of a pandemic-like cyberattack would carry over into every sphere of our lives, and recovery would be near-impossible.
The WEF adds a stern warning: “COVID-19 was known as an anticipated risk. So is the digital equivalent. Let’s be better prepared for that. The time is now.”
A clear and immediate danger
Each year, the WEF hosts Cyber Polygon, an online event which connects a range of global entities with the aim of conducting training, exchanging best practices, and bringing tangible results to the world community.
At last year’s event, founder Klaus Schwab opened with the words: “A lack of cybersecurity has become a clear and immediate danger to our society worldwide. We have seen in the past few months, for example, ransomware attacks targeting hospitals, critical infrastructure, school systems, the power grid, and many other essential services.”
He said citizens are feeling the impacts of cyberattacks directly, through energy shortages, delayed medical treatments, and more, adding that this new breed of attacks isn’t a problem that can be easily solved.
Unfortunately, today’s ransomware attacks are increasingly complex, and our adversaries more cunning than ever, continually increasing both their scale and impact.
Schwab believes this highlights the need for a structured multi-stakeholder, multi-lateral approach to secure our society against modern threats.
If we look at the Facebook outage that happened on 4 October last year, it’s easy to get a glimpse into what would happen if the Internet shut down. The few hours during which the social media giant went down highlighted how much of our digital and physical lives depend on the platform. And this outage wasn’t even due to a cyberattack but an internal faulty configuration change.
The impact inevitably filtered down to businesses, who had to contend with engagement and traffic falling, and both sales and customer services taking a knock due to being shut off from social media channels.
Dire consequences for a data-driven world
In a world where infrastructures and objects are becoming increasingly interconnected, physical flows of goods and services cannot happen without the control of information flows. A worldwide Internet shutdown would have dire consequences for our data-driven world.
Shutting off all Internet communications, even if only for a day or two, would inflict massive economic losses. One of the top applications of the web is still email, and, considering how it’s such a critical channel via which we conduct business around the world, productivity would grind to a halt. Our major telecommunications carriers use the Internet for call routing and communications, so cell phone communications would not be possible. Nor would we be able to use our credit cards, or even draw cash from an ATM.
Highways would be clogged with traffic jams as automatic tolls wouldn’t permit any vehicle to go through them. Cashiers would disconnect, leading to the shutdown of supermarkets and other shops. Power grids, suddenly no longer able to receive information from their sensors, would be unable to manage power supply in many areas. Industrial plants would stall, financial institutions would have to halt all operations. The list is endless.
The bottom line? As the WEF said, the time to prepare, is now. It is more important than ever to examine our IT security systems and processes, and protect critical IT infrastructure and digital identities with reliable security solutions from trusted service providers.