This article published in CFA UK’s magazine Professional Investor (PI) suggests that despite the fact that cyber-attacks occur with greater frequency and intensity around the world, many either go unreported or are under-reported, leaving the public with a false sense of security about the threat they pose and the lives and property they impact. While governments, businesses and individuals are all being targeted on an exponential basis, infrastructure is becoming a target of choice among both individual and state-sponsored cyber-attackers, who recognize the value of disrupting what were previously thought of as impenetrable security systems. This has served to demonstrate just how vulnerable businesses, cities and countries have become, and the growing importance of achieving global risk agility in the face of such a threat.
Executive Summary
• While governments, businesses and individuals are all being targeted on an exponential basis, infrastructure is becoming a target of choice among both individual and state-sponsored cyber-attackers, who recognize the value of disrupting what were previously thought of as impenetrable security systems.
• Governments, businesses and individuals must devote greater resources to becoming more cyber-vigilant, which means they must devote more resources toward anticipating and protecting against attacks. Governments and businesses need to also engage in more public-private partnerships in order to adequately address the issue.
• Governments around the world have plans in place to deal with the consequences of natural disasters, yet none have disaster relief plans for a downed power grid. Clearly, this must change. The same may certainly be said of the need for businesses to put cyber-risk on the front burner, stop presuming it is someone else’s problem, and devote the resources necessary to seriously and effectively combat the problem.
As an example of the growing vulnerability of critical infrastructure, in December 2015 a presumed Russian cyber-attacker successfully seized control of the Prykarpattyaoblenergo Control Center (PCC) in the Ivano-Frankivsk region of Western Ukraine, leaving 230,000 without power for up to six hours. This marked the first time that a cyber weapon was successfully used against a nation’s power grid.