In a recent article published by the World Economic Forum, it categorized the great disruptions that the world would face as and I quote “Pandemics, Cyber-attacks and environment tipping points”. (link to article at the bottom)
The reality put forward by Covid-19 when it comes to tacking a global health crisis is that the collective effort of a society is as important as the individual efforts of people or organizations and maybe in some cases even more important. Putting Cyber-attacks into the same bracket as pandemics and environmental tipping point does not make it difficult to realize the analogy and the reality that we need to start tackling cyber security in similar fashion.
It is adamant to realize that a cyber security breach of an organization that is offering products or services be that a financial institution, e-commerce platform , healthcare provider or others has the potential to spread to other organizations through the fact that many organizations rely on each other’s services to offer a complete user journey or experience through API’s etc , but the scenario that worries me more , is what a follow on cyber-attack could do to the individuals who consume those products and services.
Exposing customer credentials from any service provider, can trigger attempts to leverage those credentials to access regular individual’s social media accounts, other financial institutions they may be using, private emails or even devices. While the cost of cyber breach to organizations is always tied to a monetary value in terms of either direct financial loss, loss of potential revenue or brand reputation, yet the impact on human life in the aftermath of regular individuals being victims of a mass scale cyber-attack is in my opinion unquantifiable.
Similar to the global response to Covid-19, its time the world realizes the need for coordinated cyber security measures to be taken across all organizations offering services to consumers online. Organizations need to realize the extent of impact to human wellbeing from negligence on applying proper cyber security practices on their side, repercussions are no longer limited to their own organization. Regulators, governments and the cyber security community needs to drive every organization offering services online to a minimum state of cyber security controls, those controls need to take the same priority or even higher as imposing taxes, renewing business licenses and should be subject to an audit.
The broader community specially organizations which have an aim of getting as much people connected to the internet specifically social media companies have an obligation to support the spread of proper cyber security practices exactly like they made easy access to Covid-19 information. Internet usage continues to grow, and companies continue to find new avenues to leverage the internet to offer services to consumers, they also have an obligation to inform and educate the average user on proper ways to protect themselves online….
…..In short it’s time for a collective response to cyber security issues, organizations do not just have a responsibility towards their own shareholders and customers, but to the wider societies they operate in.