KUALA LUMPUR (Jan 18): Financial losses from global cybercrime are expected to grow 15% per year over the next five years, reaching US$10.5 trillion (RM45.5 trillion) by 2025.
In its State of the Connected World 2023 Edition report, the World Economic Forum (WEF) said growing reliance on connected devices and related technologies have made organisations, governments and individual users increasingly susceptible to cyberthreats, making the ability of connected devices and related technologies to protect individuals from cyberattacks a leading concern.
It said the uptake of wearable devices, smart homes, sensors, thermostats and other applications of Internet of Things (IoT) and related technologies for individuals, businesses and governments has provided a host of vulnerabilities that can compromise the entire connected system.
An attack on one element of an IoT ecosystem is often aimed at compromising the larger system, such as attacks on cameras, which can communicate with smart assistants and unlock connected doors. It is important to recognise the potential risks that IoT and its many applications pose and how manufacturers and providers can better prepare these devices and services for their users to safeguard themselves.
The report said users’ awareness continues to be a challenge.
The prevalence of poor security practices and knowledge, such as weak passwords or an inability to identify phishing emails, has contributed to weaker security systems.
Furthermore, technical limitations, such as the lack of basic security measures including basic encryption in default configurations, make systems and devices more prone to malicious attacks.
A general lack of transparency in the market is another predominant risk factor as nowadays individuals know little, even about the basic characteristics of the devices and their potential vulnerabilities.
The WEF said current cybersecurity regulations lack standardisation and are fragmented around the world.
It said this often means organisations must develop and adhere to different requirements for each state, country or region where they may do business.
Consequently, this also means that enforcing and holding organisations accountable for implementing best practices and following guidelines become challenging given that no clear standards exist.
Security considerations tend to be included late in the design and prototyping phase, leading to unsecured devices and allowing malicious actors to breach systems and connected devices.
The notion that security measures can be “add-ons” has strongly contributed to the reactive nature of cybersecurity in the realm of IoT and connected devices.
Finally, the ever-changing nature of IoT and its many applications means that malicious actors are always finding new ways to attack systems and devices.
A device that is secure today may not be tomorrow.
Connected devices are increasingly connected to intellectual property with some form of exposure to the internet and are expected to be operating past the typical life cycle of most electronics.
Devices are increasingly exposed to malicious attacks when hardware is no longer compatible with the necessary software to ensure protection.