Takeaways from the World Economic Forum Global Cybersecurity Outlook for organizations’ strategies


So it's a nice afternoon of June, isn't it? Now imagine your day started really well. There was almost no queue at your favorite coffee place on your way to the office. You're now sat at your desk, typing away your report you need to send your boss before the end of the day, and suddenly your screen goes black and a message starts appearing. As you read through it, you start getting a rush of panic going through your veins. The message that is appearing is asking you to pay your ransom to recover your data. As you look around the open space and you look at your colleagues, you see the same sense of fear in their eyes. Your organization just got hit by a ransomware. So your boss is definitely not going to get that report that he needed by the end of the day, and your plans for barbecue that night are definitely going for a toss.

This scenario, as you know, is not happening in a hypothetical future. It's been happening for years and it will continue happening, um, in the future, and that really shows us that cyber security is a business issue.

So my name is Joanna Bouckaert and I'm lead in the Center for Cybersecurity of the World Economic Forum. In my previous roles I used to work with organizations that had been hit by cyber attacks and also ransomware, and I was passionate about helping them identify and prioritize the risks that mattered most to them and implement the actions so that we can avoid those type of scenarios to happen in the future. So now at the World Economic Forum, which is by the way the international organization for public-private collaboration, I lead and convene multi-stakeholder communities to tackle global cyber security challenges.

So most of you at this conference today are at the forefront of digitalization within your own companies, and most likely you believe in the benefits that it can bring to society as a whole. But does that digital literacy come with cyber security awareness? So cyber attacks occur on a daily basis. As you can see, the average cost of a
data breach is 4.35 million dollars, and only almost half of business leaders believe that cyber security is a key business enabler. On top of that, there is a lack of 3.4 million cyber experts on the market to secure society at large. As I said before, cyber risk and cyber attacks have business consequences, as we could see in the scenario earlier, and with the increasing complexity and interconnectivity of digital systems the cyber threat is only growing bigger.

So in this presentation I'm going to share with you some key takeaways from our Global Cybersecurity Outlook report, which is the flagship report of the Center for Cybersecurity, and it is released every year in Davos, and it's one of the most downloaded reports. So the Center for Cybersecurity, just to give a bit of context, was founded in 2018 upon the recognition that cyber security was a topic that needed to be tackled on its own and globally, and also our mission is to reinforce cyber security as a strategic imperative and elevate cyber risks to an executive and board level audience. I'm also going to refer to the Global Risks Report, which is a report you may already know and gathers perceptions of leaders globally on what are the key risks that affect society today. So now let's have a look at a short video of key cyber leaders.

Cyber security is like cat and mouse, criminals and the defenders, but the risk is asymmetric. Attackers need to find one vulnerability one time to achieve their goals. Cyber defenders need to defend everything all the time. It is relatively safe to commit cyber crimes because of jurisdictional issues, and right now it's a really profitable business model for criminals. No company is too small to be a victim of a cyber attack, and we've seen that over and over in the past few years. We see these attacks taking place at national infrastructure. We know that if we lose electricity, if we lose water, then people are vulnerable. People who have illnesses, they die. This is not just about causing
inconvenience. [Music] Much of cyber security today as practiced is firefighting, because it has to be. We used to think of it as castles and moats: the thought of, all of my networking has to happen within the confines of the perimeter that I'm responsible for. I think that idea has shifted. There are more and more devices connected to the internet, and it's all very convenient, but cyber criminals know how to attack those devices. People can work from home, they can work on a business trip, they can access from different organizations that are third parties, so the perimeter has to be understood differently. Cyber security is not only at the perimeter but in every transaction. It's not about having a team of cyber experts saving the world, because it would work. It's about adding everybody to be conscious about the risk so that they can play their role, and responsibility of cyber leaders is to make this responsibility everyone's responsibility. We're dealing with a multi-stakeholder problem, but we're still living in a world where there is no global governance. Neither the public nor the private sector will be able to manage the cyber security war that is happening. Those that have a common enemy need to work together. When we talk about true private and public sector cooperation, it's effectively passing the ball to the public sector in a way that the public sector can understand and use technical information. The pressure is on for us to become more collaborative, more effective and to move more quickly, so as the metaverse develops, as quantum computing comes online, we're ready to work with those experts who truly understand those new harms that we can't even think of. Cyber is not a risk that you can make disappear, but it's a risk that you can manage if you become agile and proactive and you come with the right talent and skills to face a challenge.

All right, recognized who from HPE featured in this video? You can tell me after the talk. So now looking at the global risk horizon, you
can see in violet here that widespread cyber crime and cyber insecurity is the only technological risk that features both on the two and the 10-year horizons. Also, according to the Global Risks Perception Survey, cyber attacks on critical infrastructure is among the top five risks for 2023. So cyber is a massive threat and amplifier, and it's exacerbating current crises. Take for example the energy crisis: back in May 2021 the Colonial Pipeline hack halted the operations and also reduced almost by half the gas and jet fuel supplied to the East Coast of the United States. Even four states declared a state of emergency. It can also exacerbate other crises like the food crisis: for example, when JBS, a global meat processing company, was attacked, it threatened the food supply across different countries.

So as attacks become more frequent and more mediatized, leaders become more aware of the cyber threats, and as you can see, a vast majority of business and cyber leaders now think that global geopolitical instability is moderately or very likely going to lead to a catastrophic cyber event within the next two years. So while catastrophic cyber event is not a prediction per se, it is telling about how business leaders now start perceiving more and more the cyber threats. But there's a caveat to make here, because hearing is not the same as listening, and although, you know, the significance of these cyber threats has been heard in boardrooms and by executives, whether cyber risk is really understood in a way that organizations can tackle cyber risks efficiently is another question.

So 2022 was marked by armed conflict in Europe, so it prompted the analysis of the link between geopolitical instability and cyber risk, and it is a fact that geopolitical instability does exacerbate cyber risk. Geopolitical tensions might be responsible for greater volatility in the character of cyber threats. So the impact of cyber attacks takes more time to be understood and is more uncertain than physical attacks,
and this is why cyber attacks are not always used to reach kinetic effects in armed conflict. It can be used as a softener while launching another attack, as an amplifier of an attack, or even to apply psychological pressure in a country. Uh, with that in mind, 74 percent of organizational leaders believe that global geopolitical instability has influenced their cyber strategy, and due to geopolitical volatility about half of cyber and business leaders intend to re-evaluate the countries in which they do business. So that also means that companies tend to focus investments on day-to-day tactical cyber defense instead of strategic longer-term investments.

So now at an enterprise level, we ask what were the key concerns of leaders overall, and ransomware came first. About 50 percent of cyber leaders ranked it as their primary concern and 80 percent see it as a dangerous evolving threat to public safety. Companies with low tolerance for downtime are ideal targets. Now social engineering and malicious insider threats both feature second and third.

Cyber attacks are a relatively easy crime to commit, especially with generative AI and new technologies coming into the mix. The reason is that, for example, the entry barrier is quite low: you can purchase a cyber attack on the dark web for maybe ten dollars, and even more sophisticated attacks, uh, usually provided as a service, can cost a few hundred dollars. Another reason why cyber crime is relatively easy to perpetrate is that the risk of prosecution is quite low. As you know, cyber criminals usually use complex networks and hop from country to country to cover their tracks, and therefore it requires a lot of collaboration between different countries to be able to prosecute them. The World Economic Forum is actually leading the way in that space with their Partnership against Cybercrime, where we are really convening multi-stakeholder dialogues between private companies, who usually garner a lot of data on
cyber crime, and law enforcement agencies worldwide, who have the remit to prosecute cyber criminals. A third reason why cybercrime is relatively easy to commit is that the reward is fairly attractive. So according to Sophos, a software company, the average payment of a ransom is around 200,000, and even when it's not about ransomware, a data breach, then the data collected is then put on the dark web and sold, and it's quite lucrative as well. So cyber criminals are quite agile, they are quick to use new technologies to amplify their attacks, and they're also very good at collaborating together.

And critical infrastructure sectors are particularly easy targets. The names of critical infrastructure sectors vary from country to country, but the general understanding and the essence is that they are all essential for the maintenance of vital societal functions. So it's no surprise that there was a hundred and forty percent increase in cyber attacks against European critical infrastructure since the start of the war in Ukraine, and cyber attacks on critical infrastructure rank among the top risks with the greatest potential impact on a global scale. At the World Economic Forum and in the Center for Cybersecurity we're especially focusing at the moment on the sectors of oil and gas, manufacturing and electricity.

Um, right, so one theme that comes back across sectors is the supply chain cyber security. A few attacks that brought to light the importance of supply chain cyber security are for example SolarWinds in 2020 and Kaseya in 2021, but no later than a few days ago we had also an attack on British Airways, Boots and a few other companies that really brought to light again the fact that the supply chains are very vulnerable and are a vector of attacks, and that shows that a vulnerability on one company can reach thousands of organizations. And with the increasing complexification and interconnectivity of supply chains, including the increasing number of software suppliers, this
risk is only growing, so 90 percent of organizational leaders are concerned about that risk. So it is key for companies to build trust with their third parties and also to encourage collaboration on cyber incident response, cyber resilience, and also encourage information sharing across the ecosystem.

So to correct the market and reduce the risks, states often introduce regulations, and regulations have long been considered burdensome, but attitudes are actually slightly changing. We can see that 73 percent of respondents of our Global Cybersecurity Outlook survey agree that more effective enforcement of cyber and privacy regulation would increase their organization's cyber resilience. In 2022 this was only 38 percent. So the reason is now that leaders have a better understanding on how proper enforcement and supervision of regulations raises not only their cyber maturity but also that of their whole supply chain. It goes without saying that advancements are still needed. Regulations are still fragmented worldwide, from country to country and from region to region. There's also a limited tailoring of the regulations per sectors and per industries, and there is often insufficient consultation prior to the regulations being released. So the Forum is also driving multi-stakeholder consultation on those regulations, especially with the electricity community and the Cyber Resilience in Electricity initiative, where in 2021 it actually released a commentary on the new European directive for network and information security, NIS 2.0.

Another area where the Forum is quite prominent into leading some efforts is working on cyber governance issues. So governing cyber risk at an organizational level is key, and as you can see, 95 percent of business executives and 93 percent of cyber executives, so the vast majority, agree that cyber resilience is integrated into their enterprise risk management. This is in contrast to 2020 or 2022, when actually only half of cyber leaders felt so. An example of
advancements going on is the National Association for Corporate Directors, the NACD, in the US, with who the Forum partnered to develop its principles for board governance on cyber risk in 2021, now added encouraging systemic resilience and collaboration to their guidance for corporate boards. So that means that cyber security collaboration is now considered best practice across the U.S. for boards of directors.

Last but not least, many organizations are undertaking large digital transformation to look for the best-in-class innovation, but adding new technology on top of IT legacy systems usually adds complexity and vulnerabilities to the estate. So this is why security-by-design principles must be put in place from the onset when adding new technologies. Um, although some other technologies like quantum can seem far on the horizon, the fact is that the pace of development of technology is very fast at the moment, while organizations take time to evolve and change. So that's why, also to benefit from this technological advancement, organizations need to act now to understand the cyber risks that are posed by it.

For example, everybody is talking about generative AI at the moment. Yes, it does have tremendous opportunities for business, but it also increases some cyber risks, and our cyber leaders at the moment are discussing it together to really grasp what is going to be the impact. And because of the volume of data it uses, because of the unpredictability of some of its outputs and the complexity of the algorithms, generative AI has also some risks. For example, you can think about misuse of the technology by your employees, or you could think about confidentiality of the data that's fed into it, or even have questions about intellectual property around it. So now initial actions are being taken by organizations to mitigate those risks: implementing governance around it or also convening working groups to discuss about the
topics are examples, but those are mainly tactical and siloed efforts, and it's why we really need a multi-stakeholder approach to analyze and govern that technology particularly.

So right, if you want to learn more about cyber security, AI, or actually any other topics that you're interested in, you can come to the World Economic Forum booth for a demo of our Transformation Maps, which is a strategic intelligence tool. It's a fully tailored map actually that helps you understand the big picture and prioritize the trends in any themes that you're looking at. It's built on the world trusted research and cutting-edge experts as well, with many different universities. And you're also warmly invited to join the security spotlight session this afternoon at 4:30 PM in the Innovation Theater, where Bobby Ford is going to speak, as well as Stephan Mergenthaler, our head of strategic intelligence. Thank you very much. I'm just going to be there if you have any questions. [Applause]

2023-06-25 12:04
