2021 was the year cybersecurity became everyone's problem
This year marked a turning point for malicious attacks on computer systems, fueled by a rise in nation-state attacks and ransomware.
Why it matters: Once a worry mostly for IT leaders, the risk of a cyber intrusion is now a top concern for CEOs and world leaders.
Driving the news:
- May's Colonial Pipeline attack helped drive that message home, as did ransomware attacks on cities and hospitals — emphasizing the very real world impact that cyber attacks can have.
- Meanwhile, the current Log4j flaw shows just how vulnerable our digital systems are. It's a single piece of open source code, but it is used so broadly and the flaw so fundamental that it potentially opens nearly every business and government to attack.
The big picture: Evidence that cybersecurity has become the big issue abounds. Foreign Affairs devotes the current issue to the topic, while J.P. Morgan International Council identified it as the most significant threat facing businesses and government in a report released Thursday.
Between the lines: One can never permanently "win" the battle against malicious attacks, but it is possible to be losing the fight. 2021 definitely felt like a year in which the attackers had the upper hand.
- The combination of cryptocurrency and ransomware has proven to be especially tough to fight as it is often in the business interests of a victim to pay up rather than take the risk of data loss or even a business disruption.
The rise in cyberattacks has also made for thorny diplomacy among nation states. With physical attacks, there has been a relatively clear line that acts as a deterrent, even for nations with significant conflicts. But in cyberspace, the division is murkier.
- “The domain of cyberspace is shaped not by a binary between war and peace but by a spectrum between those two poles—and most cyberattacks fall somewhere in that murky space,” former deputy director of national intelligence Sue Gordon and former Pentagon chief of staff Eric Rosenbach wrote in a Foreign Affairs piece.
- “In trying to analogize the cyberthreat to the world of physical warfare, policymakers missed the far more insidious danger that cyber-operations pose: how they erode the trust people place in markets, governments and even national power,” argues Hoover Institution’s Jacquelyn Schneider, in another Foreign Affairs article. “Cyberattacks prey on these weak points, sowing distrust in information, creating confusion and anxiety, and exacerbating hatred and misinformation.”
What's next: Leaders are calling for much tighter cooperation between businesses and governments as the key way to fighting back. Also needed, many say, is an international agreement on what is and isn't permissible, in much the way the Geneva Convention sets limits on traditional warfare.
Yes, but: The U.S. government is still woefully short of workers with needed cybersecurity skills.