-- Published: Wednesday, 24 January 2018 | Print | Disqus
– Cyber war is increasing threat – Investors are not prepared for – Third most likely global risk in 2018 is cyber war say WEF – “Scale and sophistication of attacks is going to grow” – EU, US, NATO lay down ground rules for offensive cyber war – Ireland is viable target for attackers but is ‘grossly unprepared for cyber war’ – UK should expect attack that cripples infrastructure within 2 years – Trump administration may use nuclear weapons in response to cyber attacks – Cyber war designed to have a economic impact on countries – Invest in physical assets as well as digital assets & currencies – Avoid ETF and digital gold and own physical gold that is allocated and segregated
Editor: Mark O’Byrne
Cyber-attacks are the third most likely global risk for 2018, behind extreme weather conditions and natural disasters, according to a new report by the World Economic Forum.
Estimated to cost over $1 trillion per year, cyber-attacks are now more expensive than natural disasters which in 2017 brought in a bill of $300 billion.
“We are still under resourced in the amount of effort put into trying to mitigate this risk…Cyber is at or above the scale of natural catastrophes [in terms of financial damage caused] and yet the comparative infrastructure is much smaller in scale,” according to John Drzik of WEF report partner Marsh.
The World Economic Forum’s Margareta Drzeniek-Hanouz, head of economic progress, told a press conference that cyber-risks are affecting society and the economy in “new, broader ways.”
They now impact not just the corporate sector as we usually assume but also government infrastructures and the geopolitical sphere. Arguably we are also seeing them shape societies.
The report’s launch comes at a time when cyber-attack warnings are coming in thick and fast. Governments have been warned this week that they are grossly underprepared for an attack which could see politics taken out of the electorate’s hands, billions wiped from financial markets and chaos generally created between otherwise peaceful nations.
The average citizen and investor is only vaguely aware of these risks and has yet to “join the dots” and realise the real risks they pose to economies, financial markets and people’s online savings and investments.
This is becoming urgent and yet complacency is common place with financial media focus on soaring stock markets and parabolic crypto currencies.
Governments, financial service providers, banks, brokerages are all grossly underprepared for a cyber-attack which means that your assets are vulnerable.
This week at the incredibly ‘in-touch’ event that is Davos a public-private platform in the form of a Global Centre for Cybersecurity will be launched.
“Cyber-risk is rapidly emerging as a major headache in boardrooms of all sorts of institutions around the world,” Marsh’s John Drzik told the recent press conference. The new center for cybersecurity will, (launched with Interpol) be a “framework in which there will be a better opportunity for leaders of institutions across the public and private sectors to pool information on their intelligence and response capabilities to get ahead of the curve on a number of these risks.”
Hopefully this is not a case of too little too late.
Throughout the world, including in the United Kingdom and Ireland, experts have been very vocal about the dangers that face entire nations.
CEO of Ward Solutions, Pat Larkin has told the Irish government that they need to ‘wake-up’ to the risks facing the country’s cyber systems as they are totally under prepared for what may come.
The country is completely unprepared for the “doomsday scenario” that was seen in Estonia, in 2007, Larkin warned via the Sun.ie in the first week of this year.
Intermittent but continuous power outages, attacks on the financial infrastructure, the transport and water infrastructure — to the point where it is significantly impacting the commercial and social activities of the citizens and damages the country’s brand internationally and its economy — would be the worst case scenario.
In a warning that is relevant to all technologically advanced and vulnerable nations, Larkin said:
“A continuous drip-feed of cyber attacks would lead to very unstable environment — a targeted attack like that on Ireland could wreak havoc on the country.
It would have a major impact on everyday life for citizens and businesses.
But it would also be catastrophic for the country’s foreign direct investment.
Major companies come to Ireland to invest for a number of reasons — the talent, tax environment — but they also come here because Ireland is a very politically stable country with good infrastructure and good services.
This is the major challenge for Ireland. Given that we are not well prepared or protected, if someone really did decide to target us they could inflict continuous long-term damage.”
Meanwhile in the UK, Ciaran Martin, head of the country’s National Cyber Security Centre, has told the Guardian:
“I think it is a matter of when, not if and we will be fortunate to come to the end of the decade without having to trigger a category one attack.”
A Category One (C1) attack can be defined as an attack that might cripple infrastructure such as energy supplies, banks (including ATMs) and the financial services sector.
Sadly it is not just country-based attacks that both Ireland, the UK and its contemporaries need to be aware of.
Ciaran Martin explains:
“What we have seen over the past year or so is a shift in North Korean attack motivation from what you might call statecraft – disrupting infrastructure – through to trying to get money through attacks on banks but also the deployment of ransomware, albeit in a way that didn’t pan out in the way the attackers wanted to.”
As well as North Korea, intrusions have been blamed on Russia, China and Iran. Some of these, Martin said, were espionage-based, scouting out vulnerabilities in infrastructure for potential future disruption.
Although the UK signed a treaty with China in 2015 not to engage in cyber-attacks for commercial gain, espionage was left out of the treaty.
“What we have seen from Russia thus far against the UK is a series of intrusions for espionage and possible pre-positioning into key sectors but in a more controlled form of attack from others,” he said.
The changing definition of war
What many nations in their cyber operations seem to be doing, including Russia and the U.S., is something that once would not have come under the definition of war. They (along with the likes of North Korea) are not using things that go ‘bang’ or cause physical harm and destruction.
Instead, they are using weapons which give them a greater advantage in this new multi-polar world which has made way for new forms of competing with one another.
In previous eras ‘war’ came about as a push for territory, now in this interconnected world, physical territory is easier to obtain once you have taken hold of the operating systems, the political system and even the minds of the electorate.
Whilst terrorism is still a priority for Western defence, a British Army Chief believes that the cyber threat, particularly from Russia is a more immediate concern.
As ever, let us hope that calm minds and the diplomats prevail and nations do not pursue the cyber war option.
Worryingly, this is not the attitude of the U.S. military and the Trump administration who, in simple terms, believe that the U.S. should use nuclear weapons in retaliation for a cyber attack.
That’s right, various drafts of the Nuclear Posture Review, as seen by the New York Times, suggest that the US would retaliate to a non-nuclear attack with nuclear weapons.
Journalists David Sanger and William Broad report in the New York Times that nuclear weapons can be used should an adversary conduct “non-nuclear strategic attacks … on U.S., allied, or partner civilian population or infrastructure.”
Quite simply, the new U.S. military doctrine seems to be threatening to nuke anyone who conducts a massively disruptive cyberattack on the power grid, water system or financial markets of the U.S. or its friends.
Cyber-attacks increase in cost and reach
Infrastructure generally means electricity, water, roads, rails etc to the general public. However, infrastructure in today’s connected world also means cloud based services, online brokerages and bank accounts.
If you use online services, even just email or online banking, then you are exposed to the cloud.
“If an attacker took down a major cloud provider, the damages could be $50bn (£36bn) to $120bn, so something in the range of a [Hurricane] Sandy event to a Katrina event,” warns WEF report author John Drzik.
Companies are well aware of this rising cost and are feeling the pinch already. In the summer of 2017 an attack more potent than WannaCry took a hold of a number of companies’ operations. The attack, NotPetya, went after vulnerabilities in Ukrainian accounting software but ended up causing serious damage to non-Ukrainian counterparties.
Large multinationals from Mondelez to Moller-Maersk, Reckitt Benckiser to FedEx, were forced to warn shareholders that the ‘NotPetya’ cyber attack had hit their bottom line, costing each company hundreds of millions of dollars. They said that the extent of the damage to their finances was not yet known but projected that the year’s revenue would be hit.
The price of a cyber attack varies significantly depending on the kind of breach a company suffers, a company’s size, industry and country, and how well prepared it was for an attack.
Overall, the cost of cyber security for companies rose 22.7 per cent last year to an average of $11.7m, mainly due to a rising number of security breaches. The number of breaches is up an average 27.4 per cent year on year, according to the Ponemon Institute’s Cost of Cyber Crime report. The report was based on 2,182 interviews from 254 companies in seven countries.
And ultimately who bears the brunt of these increased costs? The clients. You and I. That’s not just in monetary terms, its also in terms of risk and inconvenience.
It will be our data that will be increasingly exposed, our passwords that will need to be triple-verified, or our bio-metric data insisted upon in order to access our money and our money confiscated in bail-ins should banks get into difficulties again either due to hacking and cyber war or plain old bankruptcy.
Even then, with all the complex password and finger prints in the world, we cannot be guaranteed that our financial assets are safe. Why not?
Because so many of them are digital. They’re not real. Therefore, they can be manipulated, stolen and vanished should a cyber attacker choose to do so.
Trust people not systems
“Perhaps their strongest control is the human firewall; the person in the business,” says Larkin when advising on how companies can best protect themselves and their data.
Perhaps savers and investors should take the same approach and place increasing trust in assets which are tangible and which can be verified, handled, seen and taken delivery of.
This is not the first time that we have written about the growing threat of cyber terrorism. To many it is seen as scaremongering. A bit like nuclear war it seems to be something that is so far removed from our day to day lives that we cannot relate or appreciate the level to which a cyber attack would disrupt our lives.
All we are doing is reporting on what is already out there regarding the risks of cyber war. Security and defence chiefs, global economic organisations and private companies, governments and journalists are all sitting up and paying attention to these threats. But, many are still severely behind the curve when it comes to the potential impacts on investors and savers.
This is why investors need to stay one step ahead. Luckily for them it’s not as complicated as it is for those trying to protect the infrastructure of massive companies, governments and nations.
It is simply a matter of prudent asset allocation and diversifying into physical assets that cannot be deleted or transferred at the touch of a button: physical, allocated and segregated gold and silver bullion and coins.
The content on this site is protected
by U.S. and international copyright laws and is the property of GoldSeek.com
and/or the providers of the content under license. By "content" we mean any
information, mode of expression, or other materials and services found on GoldSeek.com.
This includes editorials, news, our writings, graphics, and any and all other
features found on the site. Please contact
us for any further information.
Live GoldSeek Visitor Map | Disclaimer
The views contained here may not represent the views of GoldSeek.com, its affiliates or advertisers. GoldSeek.com makes no representation, warranty or guarantee as to the accuracy
or completeness of the information (including news, editorials, prices, statistics,
analyses and the like) provided through its service. Any copying, reproduction
and/or redistribution of any of the documents, data, content or materials contained
on or within this website, without the express written consent of GoldSeek.com,
is strictly prohibited. In no event shall GoldSeek.com or its affiliates be
liable to any person for any decision made or action taken in reliance upon
the information provided herein.