4. Digital acceleration hits emerging threats | Top Five Risks | RiskMap 2021
Top Five Risks
Digital acceleration hits emerging threats
Nicolas Reys | Director
Three challenging dynamics will converge in the digital space for companies worldwide in 2021. In every sector the pandemic-propelled surge in technology investment will continue as a necessity to operate in our new reality. This technological charge will dramatically increase connectivity across all industries and, with it, the exposure to digital threats. The pace of adoption required in this new world is already compounding exposure through rushed procurement and implementation of new tech. In a recent survey of more than a thousand technology professionals across the world, 76% expressed concerns about the long-term impact of digital transformation they have had to rush through during the pandemic.
This trend will collide with the growth of digital nationalism across the world. Regulatory risks, including sanctions and bans on procuring foreign tech, will rise in 2021. Ideological and practical blocks are emerging rapidly. Competing visions of digital sovereignty have now trickled into regulatory and operational requirements. In 2021, these differences will widen. Businesses will be forced to choose supply chains and operations that comply with national security and regulatory obligations across a myriad of jurisdictions. Balancing the requirements of these rapidly shifting obligations with the imperative of swift technology adoption will be a challenge for years to come.
The challenges for business will be opportunities for threat actors. They will capitalise on increased connectivity and rapid solution adoption. From remote working and cloud services to automation and 5G, the raft of new practices and emerging technologies set to grow in 2021 are already being targeted by these groups. The impact of cyber attacks is also increasing. From physical damages to significant operational disruption, threat actors have acknowledged the criticality of connectivity for their victims. Expect them to strike relentlessly in 2021.
Although the increasing capability of threat actors is a constant, it is not all doom and gloom. Technology has enabled us to survive a pandemic, and it will be central to thriving in a post-pandemic world. Opportunities for business across all sectors and geographies are plentiful. The key will be to rapidly assess the entire spectrum of risks associated with existing and planned digital initiatives within each organisation. Cyber is no longer just a security or technology challenge, it is an existential risk and opportunity for all. Companies that treat it as such will successfully navigate the complexities of 2021.
The great survival rush
Even before the pandemic, studies forecast that digital laggards could see a loss of revenue opportunity of more than 43% by 2023 compared to their digitally progressive peers. The stakes are now much greater. Already, most companies have acted. For some, technology leaped five years ahead in ten months as they kept pace with the impacts of COVID-19. Budgets expanded in line with network and web traffic. US telecommunications company AT&T has experienced growth of 20% in core network traffic since the onset of the pandemic; Telstra, an Australian peer of AT&T, saw an increase in international web traffic of 35%; while Nokia, a Finnish telecommunication technology company, reported that aggregate traffic volumes were up 25%. These trends did not significantly shift after initial lockdowns were eased in most countries. They are indicative of a new reality.
Executive leadership prioritised cloud adoption in adapting to the new reality, but as the world looks to recover from the pandemic, technologies such as 5G, artificial intelligence, data analytics and process automation will shift from important to essential in business and geopolitics alike. In 2021, companies across the world will have to cautiously balance the drive for technological adoption with security, integrity and resilience challenges.
The rise of digital nationalism
In 2021, we expect global interconnectivity and the very architecture of the internet to come under significant stress – not just from increased usage, but from fundamental rifts in the world’s technology infrastructure. The US-China battle for tech supremacy will rage on. In 2020, Beijing announced its long-term strategic plans, including an ambitious China Standards 2035 agenda to improve its leading tech companies’ ability to set global standards – previously heavily dominated by US and European firms. The change in US administration is unlikely to deter the growing leveraging of trade sanctions or fundamentally change the antagonism towards China.
Other world powers are also joining the fray. The EU is asserting its digital sovereignty through its regulatory and economic weight, but remains likely to fall short of achieving independence from the US and China in the years to come. India is confronting Chinese technology in increasingly tense diplomatic skirmishes, including banning more than 160 Chinese mobile (cellular) apps on national security grounds in 2020 amid tension along the disputed Himalayan border. Meanwhile, Brazil is joining the list of countries enforcing data localisation requirements.
This digital nationalism will expand in 2021. The examples of Huawei, TikTok, Kaspersky, Facebook, Google and other companies prohibited from operating in the US or China are just the beginning, though the ire of the US administration towards TikTok in particular hints at where this nationalism will harm businesses. According to the US government, the national security threat from the Chinese-owned app resides in its international data transfers, not in its intrinsic access to a network or vulnerabilities in the app itself – unlike its telecom counterpart, Huawei. This signals an upcoming challenge for companies with products whose appeal relies on global communication – a challenge that those operating in China have already contended with. Data localisation failures will no longer just be a matter of compliance, lawyers and financial penalties – they will become existential.
The threat landscape never gets simpler
While policymakers and jurists design new ways of operating on the internet, threat actors are exploiting the still open nature of our connectivity. Most notably, ransomware will be back with a vengeance in 2021 as one of the most significant risks to businesses. Our analysis of recent trends in organised cybercrime highlights a frenetic expansion in ransomware-as-a-service offerings, as well as mergers and non-compete agreements between leading cybercriminal groups. These cartels have operated ruthlessly during the pandemic, hammering thousands of organisations across the world with ransomware, distributed denial of service and data breach extortions, sometimes all at once.
For technology used by businesses, the uncertainty generated by the pandemic will pale in comparison with the increased levels of interconnectivity and uncertainty expected in 2021. Criminal operations will increasingly impact businesses next year. Targeting behaviours have also expanded to mimic technology used by companies around the world. According to our analysis, technology suppliers – cloud, infrastructure, or service and communications providers – are the most targeted organisations by organised cybercriminal groups for extortion.
As interconnectivity increases in the near term, the systemic risk of ransomware operations grows. The consequences of this trend for businesses are significant, as ransom demands and operational disruption increase in lockstep. The risk of physical harm is also growing. In September 2020, for the first time, a death in Germany was publicly tied to a criminal ransomware operation. A critical patient was unable to be treated in time after the attack paralysed medical equipment.
As geopolitics will weigh heavily on the digital space in 2021, cyber threats will impact forcefully in geopolitical hotspots. European and US attitudes towards Russia in 2021, with the likelihood of renewed sanctions, will motivate Russian advanced persistent threat (APT) units to target critical infrastructure across both regions. We expect the Middle East to witness significant disruptive cyber attacks next year as tensions across the region escalate. Across Asia, although state-sponsored disruption remains unlikely, tensions between China and its neighbours are likely to motivate a development of sabotage capabilities that could risk escalation into disruptive operations.
Slowing down the adoption of technology will not be an option for anyone. 2021 and the years to come will demand rapid responses to a volatile digital threat environment. Operational teams will need to maintain a fast pace of work to respond to the consequences of warp speed digital transformation. Strategic thinkers in organisations who are not already doing so must now take a long-term view of digital and cyber risks. The winners of 2021 will be seen in the years ahead. They will be those who accurately forecast how the interconnectivity of risks generated by emerging technologies will evolve while preparing for their implementation.
For operational teams, automation and artificial intelligence offer the promise of a brighter – and less chaotic – future for digital risk management. Technology can also be an enabler to security and resilience and organisations must look to it to reduce the burden on human responses to operational threats. For strategic teams, questions around political, compliance and long-term resilience risk must be asked to prevent catastrophic failures in the future. The adoption of emerging technologies is a matter of survival, but without careful planning could expose you to multiple unintended risks.