EXPERTISE SERVICES: DRR VOICES BLOG
In recent weeks, stay-home COVID-19 mandates have pushed crowds of people to work from home, often for the first time. Workers have turned to communication platforms such as Zoom, Webex, Hangouts and Skype, as well as simpler ones like email and file sharing.
Training and experience have prepared established online professionals for cyber-attacks. But many of these new digital workers have little experience and context for cyber security. This sudden increase in the use of digital tools has exposed a lot of personal data and program information.
Increase in attacks and damage expected
Recent incidents illustrate this growing risk:
All these problems will worsen over time for two reasons. The sheer volume increase in digital transactions will bring with it a commensurate increase in attacks. But the number of affected organizations will also increase through cascading effects. Indeed, the impact of an initial attack can cascade to all the interconnected systems. For instance, a cyber-attack on a trucking company could impact food security. The disruption could affect weekly food deliveries to supermarkets. In turn, the loss of revenue would weaken the business sustainability of distributors and producers.
Addressing systemic risk with the Global Risk Assessment Framework (GRAF)
Years before the Covid-19 pandemic, the UN Office for Disaster Risk Reduction (UNDRR) began to explore the potential management of long-term risks around the globe under a Global Risk Assessment Framework (GRAF). This framework enables officials to manage the overall risk accruing from specific events rather than focusing on isolated hazard analysis and response. This shift was articulated in the 2015 Sendai Framework, and work has been underway since then to deploy helpful management tools and strategies supporting a systemic approach to risk.
While traditional hazard definitions do not explicitly include cyber risk, systemic approaches call for an increased focus on this modern cyber disaster environment. Indeed, cyber risk can rival with other hazards in terms of reach, extent of damage and future cascading damage. The 2019 Global Assessment Report (GAR19) explores this topic in a contributing paper focusing on the cascading risk of cyber-attacks, using food security as a case study.
Recommendations for policy makers
What can policy leaders and managers do to reduce the impact of current and future cyber risks driven by the migration of work to an online environment? Here are some simple steps:
The COVID-19 pandemic is a dramatic illustration of the systemic nature of risk. As we move away from a hazard-by-hazard approach, DRR professionals need to improve their understanding of cyber-risk and its potential cascading impact.