The COVID-19 pandemic has resulted in the expansion of the cyber domain in our daily lives and in all industrial fields, and in conjunction with this, the scope and target of cyber attacks have been rapidly expanding. As the advanced digital transformation has accelerated and the use of online platforms such as telecommuting, remote education, and videoconferencing have increased, it has resulted in a corresponding surge in omnidirectional cyber attacks.
According to the Allianz Risk Barometer report, recent cyberattacks and data breaches are the highest risks to the business sector. Over 40% of enterprises worldwide have experienced cyber threats, and cyberattacks leading to business disruption in 2021. This threat has held the number one spot seven times over the past decade, increasingly making the workplace a hotspot for cybercriminals. Unsurprisingly, 94% of companies surveyed last year reported supply chain disruptions after the pandemic.
The KOTRA Silicon Valley Trade office pointed out in a report that cyber threats aimed at security blind spots have increased sharply since last year, including acquiring VPN account information of employees using them to work from home, accessing corporate internal networks, downloading remote class files, or inducing malicious code infections.
In addition, as the use of cloud services, a key technology for digital transformation, increases, more and more data and apps are being transferred to the cloud, resulting in unprecedented security problems.
The cybersecurity market grows together with digital transformation
The global cybersecurity market is expected to grow from $217.9 billion this year to $345.4 billion in 2026. According to Research & Markets, the United States by region was ranked as the world’s largest cybersecurity market with sales of $54.4 billion in 2021, which is five times more than China, the second-largest market.
The U.S. cybersecurity market is expected to grow 17% over the next two years to achieve a value of $63.8 billion. During the same period, China’s cybersecurity revenues are expected to reach $10.1 billion, significantly less than the leading United States. Nevertheless, this figure is expected to reach a value of $14.3 billion by 2023, with an astonishing 41% growth rate. In the future, China is expected to surpass the United States and become the world’s largest sales growth country. The UK, the third largest cybersecurity market, is expected to generate revenues of $9.8 billion by 2023, an increase of 18% in two years.
The amount of data breach damage during the COVID-19 period has been the highest ever. Global Stock Apps reported that the average cost of damage per company from data breaches worldwide has increased by approximately 10% annually over the past 12 months to $4.2 million, up 5.5 percent in two years. In particular, the U.S. showed the highest average data breach cost of $8.64 million in 2020, up 5.5 percent from 2019. In the second quarter of 2021, it continued to top the list with $9 million from $8.64 million a year ago, followed by Saudi Arabia and the UAE with $6.9 million. Canada was $5.4 million, Germany $4.9 million, Japan $4.7 million, and Korea $4.24 million.
Cyberterrorism, the biggest threat to the United States
According to the 2020 Internet Crime Report by the U.S. Federal Bureau of Investigation (FBI), types of financial losses caused by cybercrime include data damage and destruction, money, intellectual property rights, financial data, hacked data and system restoration, and damage to an organization’s reputation. In 2005, the total financial loss from cyberattacks and fraud reached $183.1 million, while by the end of 2011, the figure jumped 165% to $485 million. In 2015, it reached $1 billion, but this was only the beginning of massive growth. In 2019, the figure tripled to $3.5 billion. Last year, the FBI’s Internet Crime Reporting Center received nearly 792,000 complaints, with the most frequent Internet crimes being phishing attacks, outstanding fraud and extortion. Last year, compromise schemes via business e-mail were the largest cybercrime, accounting for 42% of total losses, or $1.8 billion.
The US White House recently announced at a meeting of CEOs that President Biden has decided to invest $20 billion and $10 billion over the next five years, respectively, between Microsoft and Google, the big tech companies to strengthen the cyber ecosystem. Apple, Amazon, IBM and JP Morgan were also included. An official said It will be used to improve security solutions, upgrade the protections for U.S. government agencies, and expand cybersecurity education partnerships.
Washington-based Microsoft was one of the main targets for cybercriminals. About 38 million confidential records were accidentally leaked from thousands of apps and portals using Microsoft’s Power Apps platform and exposed to the Internet for months. In addition, in March, the cyber espionage group Hafnium abused Microsoft’s widely used e-mail and calendar exchange servers, infringing on more than 30,000 commercial and local government agencies in the United States. Recently, T-Mobile US said cyber attackers infringed on computer networks and stole the personal information of more than 40 million past, present and potential customers. The information stolen from the company server included the victim’s name, date of birth, resident registration number, and driver’s license information.
Moreover, over the years, the United States has had to deal with a long list of threats, from geopolitical tensions with China and Russia to international terrorism and the spread of pandemics. In the future, it can be expected that cyberattacks targeting critical infrastructure between the United States and Russia and China will increase further. According to a Gallup poll, more than 80% of respondents cited cybersecurity issues as the number one threat facing the United States over the next decade. North Korea and Iran ranked second and third in the threat ranking, while international terrorism and infectious diseases tied for fourth.
Cyber Threat Response Tasks
According to a report jointly published by the World Economic Forum and Oxford University in November 2020, ubiquitous connectivity, artificial intelligence (AI), quantum computing, and digital identity were cited as technologies exposed to representative cyber threats that promote transformation in cyberspace.
First of all, when we look at the data released by the Korea Internet & Security Agency on ubiquitous connectivity, cyber security operation capabilities are generally insufficient. It is further exacerbated in new systems where current risk controls do not work properly. As the industrial ecosystem becomes increasingly complex, it is important to determine the optimal risk response method that is appropriate for the purpose of the enterprise. To enable customers to make the right risk management decisions, the industry ecosystem must build trust in the transparency of security functions in the supply chain.
In addition, AI is increasingly dependent on business services and AI algorithms as the use of AI in companies’ core businesses increases. However, there is a lack of general confidence in how to design, develop, and use artificial intelligence algorithms. Therefore, it is necessary to develop tools to protect AI-based processes to cope with various cyber threats. It is critically important to establish security principles for AI-related to the safe design, life cycle management, and accident management.
Quantum computing is one of the most important technologies that will spark a future quantum revolution. Quantum algorithms have the potential to bring innovative advantages and developments in a variety of use cases across industries. For example, quantum can be applied to molecular simulations to accelerate drug discovery and improve financial optimization problems and improve AI functions. However, quantum computing poses a variety of security risks. That is, there is a risk of destroying the existing cryptosystem. In the face of the quantum transition and potential future threats, standards, governance principles and regulations must be in place for risk management.
The last problem to pay attention to is the emergence of the next generation of identity systems. A high-value digital identity ecosystem is likely to be targeted by cyber attackers. Increasingly sophisticated attackers will exploit vulnerabilities in major components such as authentication devices, communication equipment, and databases to steal accounts, obtain transaction information, and collect sensitive information. It is necessary to introduce a new approach to prevent the complex ID of the distributed heterogeneous ecosystem from fraud and infringement.
According to experts, it is advised that security managers should upgrade their cybersecurity framework to the next level, which identifies the motives, means, and methods organized by cybercriminals and build necessary defense measures. Considering the development trend of technology throughout the industrial ecosystem and future complexity, speed, scale, and interdependence, it is necessary to gradually expand the scope of cybersecurity from existing networks and systems to various information layers and the integrity of AI algorithms.
Cybersecurity should not just be a matter of protecting systems and networks but a way of ensuring the integrity and resilience of interconnected processes in an increasingly complex technological environment. Therefore, new security priorities must be established within the business and key infrastructure to identify the impact of cyber risk exposure resulting from the introduction of new technologies and to maintain risk at an acceptable and sustainable level.
In conclusion, there is a saying that cybersecurity is a battle between a spear and a shield in a virtual world. This means that attention should not be delayed for a single moment. In order to accommodate rapid changes in technology, decision-makers will need to strengthen information protection education and provide monitoring, blocking, and protection for the entire range of cyber attacks, including system mock hacking and networks and clouds.
저작권자 © Korea IT Times 무단전재 및 재배포 금지