CHAPTER 1
An Overview of Our Merged Physical and Digital Worlds and Cybersecurity

We are now living in a disruptive era of technological growth known as the Fourth Industrial Era. The merging of digital, physical, and biological systems is referred to as the Fourth Industrial Revolution (4IR), or Industry 4.0. This new period of development is radically changing economies, societies, and industries.

Klaus Schwab, the founder, and executive chairman of the World Economic Forum (WEF), is credited with coining the phrase fourth industrial revolution. This idea was first presented in his 2016 book with that name. In it, he talks about how new technologies that are starting to intersect with the digital, biological, and physical worlds—such as artificial intelligence (AI), the Internet of Things (IoT), and robotics—have transformed entire industries, economies, and communities.1

We find ourselves depending more and more on the complex web of linked systems and gadgets that support our contemporary existence as the digital fabric of our lives keeps growing. With this Malthusian growth and exponential development of human and technological connectivity comes risk, especially in the cyber digital realm, which is the symbiotic connection between technologies and digital security. It includes innovation, productivity, privacy, and ethics, but cyber digital is most commonly referred to as the cybersecurity element. The complexity of cybersecurity dangers and their worldwide repercussions have significantly expanded in the past few years due to a difficult geopolitical environment and changing technologies.

Emerging technologies are having a wide range of effects on cybersecurity strategies. The overall value of digital transformation for industry and society might reach over $100 trillion by 2025, according to a recent announcement made at the annual WEF gathering in DAVOS.

The announcement touched on the amazing potential:2

Examples of societal value generated by digitization include mass adoption of autonomous vehicles and usage-based car insurance, which could save up to 1 million lives a year worldwide by 2025. In the electricity sector, a cumulative reduction in carbon emissions worth $867 billion by 2025 could be achieved through the adoption of digital technologies, principally through smarter asset planning.

The pace of innovation can be illustrated by the fact that, while it used to take Fortune 500 companies an average of 20 years to reach a billion-dollar valuation, digital start-ups are reaching the same milestone in just four years. The research suggests that, once limitations preventing the mass-market commercialization of enabling technologies such as battery storage and wireless charging are overcome, the pace of change could accelerate.

However, the digital transformation of industries comes with risks attached that will require careful management by all stakeholder groups. One such risk is inequality, which could be exacerbated if access to digital skills is not made available to all. Another is trust, which has been eroded by growing concerns over data privacy and security. This will only be overcome with improved norms of ethical behaviour.

As the WEF noted, digital technology and cloud-based platforms are fully being integrated into this emerging ecosystem. It will catalyze a new era of innovation and automation that affects many industries and verticals, including finance, energy, security, communications, and health. This is already happening at a rapid pace as businesses are using public, private, and hybrid clouds and computing is moving closer to the computing edge.

There is little doubt that the COVID pandemic ushered in a new era of exponentially increased digital connectedness, which has altered the security paradigm. Due to the widespread adoption of remote work by many businesses and organizations, as well as the increased interconnectedness of PCs and smart gadgets that are being brought online from all over the world, the digital attack surface has significantly increased. Targets are everywhere for hackers.

The hackers are quite capable and well funded. Most ominous is that various criminal enterprises, belligerent nation-states, and loosely associated hackers are among the increasingly sophisticated cyber threat actors. All companies, regardless of size, are now targets that can be reached, and any breach might jeopardize their operations, reputation, brand, and income streams. This also applies to consumers.

By 2025, the research firm Cybersecurity Ventures estimates that the cost of cybercrime will amount to $10.5 trillion from multi-vector breaches.3 That is a frightening statistic because it is bigger than the gross national products (GNPs) of most economies of countries on the globe.

Five Reasons for the Increase in Cyberattacks

The increasing frequency and potency of cyberattacks is not surprising. The number of cyber breaches is still rising for several reasons. In this section I share just five of them, but they are key ones to consider.

For one thing, as more people and data go online globally, the surface area for cyberattacks grows. This implies that there will be more chances for malware to infect computers and for targets to become digital. The increasing number of computers and devices people connect to means more opportunities for phishing and distributing malware.

Hackers who are motivated by financial gain tend to target the low-hanging fruit. Working from outside the office has changed the paradigm of cybersecurity by expanding the attack surface area. That led to essentially millions of connected offices. The quick shift to remote work brought about by COVID-19 made businesses’ already inadequate cybersecurity readiness profile even worse. The increased attack surface situation increased the temptation for cybercriminals to exploit weak home office and remote work device defenses through ransomware, spear phishing, credential stuffing, and other illegal methods.

Although the COVID scare has diminished, it is estimated that nearly half the US labor force is still working from home. Home offices are not as protected as the fortified office sites that have more secure firewalls, routers, and access management run by their security teams. So, if you are one of those people working remotely, make sure you have upgraded security on your devices and certainly a backup of your critical data!

Second, the sophistication and skill of cybercriminals have increased, as shown in their cyberattacks. Hacker tools are readily available everywhere, and in addition, cybercriminals are using AI and machine learning tools to automate their attacks. Their attacks are now more deadly, more calculated, and faster as a result. Businesses are no longer protected by obscurity because hackers can now spread malware to anybody and automate vulnerability scans.

The use of ultra-realistic visuals and mimicry has made social engineering and phishing intrusions more accessible. It is more difficult to recognize a phish. The days of receiving misspelled bank emails from princes overseas and being asked to click through to receive money in an account are long gone.

What is even scarier is, according to the Swiss Cyber Institute, 1.5 million new phishing websites are made monthly.4 It is probably a lot more than that because they have to be detected to be counted.

The basic cyber reality nowadays is that anyone can easily fall for a targeted phish, especially if it pretends to be an email from a higher-ranking employee. CEOs in particular are not immune to clever spear phishes.

Third, hackers and the dark web are more likely to exchange advanced hacking kits and tools. When the bad guys find a vulnerability, they usually spread it quickly throughout their groups. Marketplaces selling “zero-day exploits” have occasionally appeared on the dark web; sadly, it is difficult to shut them down fast enough before significant harm is done. Zero-day exploits are a type of cyberattack that use a security hole in software, hardware, or code that hasn’t been fixed yet. This is compounded because many businesses continue to use antivirus software that is outdated and is not patched, even despite efforts to promote cyber hygiene.

Fourth, the emergence of cryptocurrency has made it simpler for criminals to get paid for ransomware. Hackers like to use cryptocurrencies or prepaid bank cards because they are difficult to trace.

And crypto can be a target in itself for hackers. The fact that cryptocurrencies like Bitcoin and others are kept in digital wallets rather than banks has made them targets for hackers. Because these wallets lack the levels or layers of cybersecurity protections required to safeguard the currency owners, they are an ecosystem of easy targets. Hackers can use covert software to mine cryptocurrency on your computer in addition to ransomware.

Fifth, the extreme paucity of qualified cybersecurity professionals in the field has created vulnerabilities and opportunities for criminal hackers. There are not enough skilled cybersecurity workers to handle demand and counterattacks. Both the public and private sectors find it challenging to stay up-to-date with the most recent malware patches and to continuously monitor the ever-evolving threat horizon as the volume and cost of breaches continue to rise. Unfortunately, there does not seem to be light at the end of the tunnel in solving the global shortage of cyber technicians despite many efforts to attract people to the...