Data is the new diamond. And cybercriminals know this only too well. Safeatlast, an online consumer services rating site, tells us to expect a ransomware attack on a business every 11 seconds. If it is right, this year will see 31,500,000 cyberattacks in all of its 365 days. Now that we are halfway into the year, there are 15 million more ransomware attacks to go.
All this is expected to cost companies around the world US$20 billion. Call it the curse of doing business in a connected world. Start with Colonial Petrochemical Pipeline, an American downstream company that supplies half the oil to its east coast customers.
Following a cyberattack on May 7, the company was compelled to shut down the pipeline, which stretches from Texas to New York, sending customers into panic. According to The Guardian, the British daily, four states in the United States had to declare an emergency. Media reports say the pipeline company paid US$4 million to the cybercriminals.
A week later it was the turn of Ireland's public health services provider, Health Service Executive, to have its data compromised by ransomware. According to The Economist, the cybercriminals threatened to release the stolen data, which included confidential records of patients, if HSE didn't pay US$20 million. HSE wisely declined to pay, pushing the company into the old world of pen-and-paper. Up to June 14, HSE was said to be in hard-copy mode.
States are leaving everything to the companies to deal with the digital deviants, even though the governments, mostly Western, think it is the work of criminals from a few autocracies. It could be because the states themselves have engaged, and still engage, in stealing information to further their national interests, though not for ransoms as such.
Be that as it may, companies operating in the cyberworld have to resort to an old world wisdom: an ounce of prevention is better than a pound of cure. But if a 2016 study done by Accenture, a consultancy, is anything to go by, chief executives' confidence in their companies' cybersecurity doesn't match the breaches that are happening on a daily basis.
In the study, aptly titled "Facing the cybersecurity conundrum", Accenture says one in three focused breach attempts succeeds. The source of the conundrum may lie in companies' overreliance on compliance, the ticking-of-the-boxes kind.
Spotting a breach isn't the same thing as responding to it. Like Covid-19 fatigue that causes infections and fatalities to spike, cybersecurity compliance fatigue may expose the companies to huge risks. And that exposure, says another Accenture study done with the World Economic Forum, may put at risk US$5.2 trillion of corporate assets between 2019 and 2023. Or better still, governments and businesses could find a way to work together to fight a common enemy: cybercriminals.
Cybersecurity is too big a job for governments and businesses to handle alone, says WEF. We agree. Australia has an example. There, the eSafety Commissioner, the world's first government agency to form a grand public-private alliance against cybercrimes, has put in place a set of principles for the safety of online services. The US is headed that way, too, with a view to setting standards for the Internet of Things. Taking cybersecurity the SIRIM standards way may be an idea whose time has come.