The World Economic Forum (WEF) Global Risk Report refers to Aadhaar breach, despite the Government’s denial earlier
Two cyber security risks—data fraud/theft and cyberattacks—have been identified as the most likely risks for 2019 by the World Economic Forum (WEF), in its recently released annual Global Risk Report (GRR) for 2019. While extreme weather events, future of climate change mitigation and adaptation and natural disaster rank as the top three most likely global risks for 2019, data fraud/theft and cyberattacks follow at 4th and 5th most likely global risks for this year.
Both these risks figured among top five most likely global risks in 2018 too. WEF classifies the risks into five categories—Economic, Environmental, Geopolitical, Societal and Technological. It is significant that the five most likely risks are either environmental or technological.
The WEF GRR is based on its Global Risk Perception Survey (GRPS).
The WEF Global Risk Report also ranks the risks in terms of impact. While none of the technological risks feature among the top five most impactful risks for 2019, two such risks feature among the top 10. Cyberattacks is the seventh most impactful risk, while critical information infrastructure breakdown features as the eighth most impactful risk. The risks that feature among the most impactful risks include weapons of mass destruction, extreme weather events, future of climate change mitigation & adaptation, natural disasters, water crises and bio-diversity loss and ecosystem collapse feature as the most impactful risks.
Four technological risks have been identified by the GRR as top global risks. Apart from data theft/fraud, cyberattacks, and breakdown of critical information infrastructure, adverse consequences of technological advances too figure as one of the top global risks, albeit towards the bottom of table. Data fraud/theft also figures somewhat lower in the list of risks when it comes to impact, even though it features as one of the fourth most likely global risks.
Breakdown of critical information infrastructure featured as one of the top five most impactful risks in 2014 but since then, no other technological risks have featured in the list of top five most impactful risks.
Dissecting technological risks
According to the GRR 2019, a large majority of respondents expected increased risks in 2019 of cyber-attacks leading to theft of money and data (82%) and disruption of operations (80%).
Around two-thirds of respondents expect the risks associated with fake news and identity theft to increase in 2019, while three-fifths said the same about loss of privacy to companies and governments.
“Cyber vulnerabilities can come from unexpected directions, as shown in 2018 by the Meltdown and Spectre threats, which involved weaknesses in computer hardware rather than software. They potentially affected every Intel processor produced in the last 10 years,” said the report.
“Last year also saw continuing evidence that cyberattacks pose risks to critical infrastructure. In July the US government stated that hackers had gained access to the control rooms of US utility companies. The potential vulnerability of critical technological infrastructure has increasingly become a national security concern,” it added.
The report said the second most frequently cited risk interconnection in this year’s GRPS was the pairing of cyberattacks with critical information infrastructure breakdown.
“Machine learning or artificial intelligence (AI) is becoming more sophisticated and prevalent, with growing potential to amplify existing risks or create new ones, particularly as the Internet of Things connects billions of devices,” it notes quoting research by IBM and others published earlier.
Among the most widespread and disruptive impacts of AI in recent years has been its role in the rise of “media echo chambers and fake news”, a risk that 69% of GRPS respondents expect to increase in 2019, the report said. Researchers last year studied the trajectories of 126,000 tweets and found that those containing fake news consistently outperformed those containing true information, on average reaching 1,500 people six times more quickly. One possible reason cited by researchers is that fake news tends to evoke potent emotions: “Fake tweets tended to elicit words associated with surprise and disgust, while accurate tweets summoned words associated with sadness and trust.” The interplay between emotions and technology is likely to become an ever more disruptive force, the report notes.
Interestingly, the GRR unequivocally refers to the Aadhaar data breach, reported widely last year but later denied by the government.
“Malicious cyberattacks and lax cybersecurity protocols again led to massive breaches of personal information in 2018. The largest was in India, where the government ID database, Aadhaar, reportedly suffered multiple breaches that potentially compromised the records of all 1.1 billion registered citizens,” the report says.
“It was reported in January that criminals were selling access to the database at a rate of INR 500 for 10 minutes, while in March a leak at a state-owned utility company allowed anyone to download names and ID numbers,” it says quoting BBC and ZDnet reports.
In October last year, after a similar report by security vendor Gemalto’s popular Breach Level Index, the Government got into a denial mode and the vendor had to retract its claim and apologize.
It remains to be seen how the Indian Government reacts to the observation made by the World Economic Forum’s report.