The Dark Side of Connectivity – Risks of the Information Centric World.

I was interested to read the Dark Side of Connectivity case study in last week’s World Economic Forum’s Global Risks 2012 report. This insightful piece highlighted many of the challenges that we all face daily in information security.

Today we are hyperconnected in a way that has never been possible before. Information Technology underpins modern businesses and losing connectivity to the web can be catastrophic for a business in a way that could not have been envisioned just 10 years ago. This is only set to become more prevalent as the ubiquity of mobile devices and the connection of “smart” devices such as electricity and gas meters, televisions and fridges expand the impact and influence of wrong doing into the virtual world, and the overlap with the physical becomes more dominant.

While connecting traditionally isolated systems to the Internet offers huge benefits such as optimising power usage, being able to control or view systems remotely, it also exposes these systems to a new level of risk as mechanical devices are exposed to exploit by remote systems.

 Protection is also not isolated. Investment in security by individuals and companies is a benefit to all, and failure to invest can also have a wider impact. SPAM and botnet infections can only be countered by widespread implementation but there is often a lack of an economic driver for organisations when it comes to implementing controls beyond dealing with the immediate risks. 

One of the most interesting elements in the report is the challenges around creating meaningful discussions on the risks of an interconnected world. This is a topic I’ve been discussing with a friend who works within the Insurance industry a lot recently. The key to being able to factor risks is to describe it; however, we don’t have a common language or any empirical evidence from which we can both benefit. As the report highlights, whilst information security companies can provide information on the threats that are seen, there is often a lack of clarity on the impact on individual organisations of cyber attacks and interruptions to digital connectivity.

The biggest challenge we face in sharing information on threats and impacts is avoiding exposing sensitive information. We need to find a way to enable companies to share information on the impact of cybercrimes in a secure manner, which also takes account of the uncertainties in measuring cyber risk. This will allow us to quantify investment but also assist the growing cyber risk insurance market to create meaningful cyber security policies and position premiums based upon the precautions that an organisation has taken and cyber preparedness. 

This is an increasing topic of discussion amongst the information security professionals I’ve met in recent years.   It is vital that we raise this to the top of our agenda as the issue of connectivity will only continue to increase its dark shadow.