Recent data reveals that 43% of organizational leaders anticipate cyber attacks impacting their businesses within the next two years. This growing concern is underscored by the increasing sophistication of cybercriminals, who now operate with business-like efficiency. The vital question arises: how can we effectively prepare to combat these threats and foster cooperation and innovation in cybersecurity?
These topics were at the forefront of the “Open Forum: Cracking the Code” panel organized by the World Economic Forum. Moderated by Ann Cleaveland, Executive Director of the Center for Long-Term Cybersecurity at UC Berkeley, the session featured a dynamic discussion among distinguished panelists: André Kudelski (Chairman and CEO, Kudelski Group), Kathy Liu (Global Shaper, London I Hub), Lauren Woodman (CEO, DataKind), and Michelle Zatlyn (Co-Founder, President, and COO, Cloudflare).
The panel provided an insightful overview of the current business landscape for organizations, highlighting several key factors impacting our cyber environment:
Escalating cyber attacks. The World Economic Forum’s Global Cybersecurity Outlook 2023 report indicates that 43% of organizational leaders expect to confront a cyberattack within two years. Michelle Zatlyn emphasized this point, noting a 30% increase in cyber attacks last year compared to the previous year. These attacks increasingly exploit social engineering techniques like phishing or target widespread software vulnerabilities within our technology stacks.
Interconnected digital environments. Zatlyn pointed out the role of our progressively digitalized lives in enabling these attacks. The surge in Internet usage, which spiked during the COVID-19 pandemic and remains high, is a contributing factor. Notably, 57% of Internet traffic stems from APIs utilized by organizations to interconnect services. However, with only a third of these APIs adequately protected, they present a lucrative target for cybercriminals seeking exploitable vulnerabilities.
The rise of digital nomads. Kathy Liu highlighted the lifestyle shift among younger generations, such as Millennials and Gen Z, who embrace technology for its flexibility and connectivity, leading to a larger digital footprint. This tech-savvy generation, often living as digital nomads, prioritizes a frictionless digital experience. However, their technological fluency does not necessarily translate to cybersecurity awareness, presenting unique challenges in this domain.
Risks and challenges
Navigating the complex cyber threat landscape and improving resilience against cyber attacks present various challenges. The panelists identified key factors that significantly impact global cybersecurity posture:
Prevalence of phishing attacks. Phishing remains the most frequent form of cyberattack, with a staggering 220% increase in incidents in 2021. Cybercriminals exploit trust and emotional responses through sophisticated social engineering techniques. André Kudelski highlighted that these attacks often serve as a precursor, identifying vulnerable targets for subsequent, more severe attacks.
AI: a double-edged sword. AI and tools like ChatGPT, while simplifying our lives, also streamline the operations of cybercriminals. As noted by Kudelski, they enable personalized, scalable attacks, particularly in social engineering. Kathy Liu emphasized the growing realism in AI-generated phishing attacks, which are increasingly challenging to detect. The misuse of AI for creating deepfakes adds another layer of complexity, as observed by the panelists, underscoring an asymmetry where attackers, unconstrained by regulations, rapidly adopt new technologies.
Quantum computing: a future threat. Beyond AI, quantum computing looms as a transformative force in cybersecurity. André Kudelski pointed out that current encryption methods might soon become obsolete, posing significant risks for long-term data protection.
Cybercrime as a business. Ann Cleaveland and André Kudelski stressed the financial motivations behind most cyber attacks, noting the sophisticated business models of cybercriminals. These adversaries are well-funded and organized, often targeting the most vulnerable rather than the most secure systems. This asymmetry, where the attacker needs to succeed only once, poses a continual challenge for defenders.
Security measures and user experience. Kathy Liu and André Kudelski observed that while security controls are essential, they often complicate user workflows. This complexity can lead users to seek workarounds, potentially increasing their risk exposure and the probability of a successful attack.
Non-profit sector vulnerabilities. Lauren Woodman highlighted the unique challenges non-profit organizations face in keeping pace with technological advancements. With fewer resources than the private sector but similar technological needs and vulnerabilities, non-profits often become easy targets for cybercriminals with ideological or political motives.
To outpace cybercriminals and improve cybersecurity capabilities, organizations must implement a series of strategic actions. The panelists offered the following high-impact recommendations:
Know your enemy. André Kudelski emphasized the importance of adopting the perspective of cybercriminals, who often explore system behaviors beyond intended functionalities. We tend to design systems by defining what they should do, while cybercriminals try to exploit how systems behave when they are not functioning as designed.
Enhancing cyber awareness. Given the prevalence of phishing and social engineering, increasing cyber awareness is crucial for businesses and individuals. Kathy Liu highlighted the need for heightened scrutiny in communications, especially for requests that deviate from established patterns.
Leveraging emerging technologies. AI is a double-edged sword; while it empowers cybercriminals, it also strengthens defensive measures. Michelle Zatlyn noted the growing reliance on AI for enhanced cybersecurity services. Kathy Liu pointed out AI’s potential to bridge the 3.5 million skill gap in cybersecurity. She advocated using AI to automate routine tasks and focus human efforts on mission-critical activities like communication with the business and strategic decision-making.
Prioritizing user experience in cyber solutions. The panel agreed that user experience is critical in cybersecurity design. Each security control adds friction to the frictionless experience expected by the users, so we need to understand which controls are adding value and which are not. As Michelle Zatlyn put it, the goal is to “keep the bad guys out and make it easy for everyone else.” André Kudelski underscored this by stating, “The best security is the one you do not see.” This philosophy calls for a balance between robust security and user convenience.
Cybersecurity as an interdisciplinary field. Kathy Liu stressed the interdisciplinary nature of cybersecurity. She advocated influencing organizational cultures to ensure a unified understanding and vocabulary around cyber issues. In her view, we need more teamwork and shared responsibility for cyber topics across all organizational levels.
Making cybersecurity more accessible. To foster collaborative cybersecurity efforts, it is essential to make the field accessible to those outside the cyber and technology sphere. Kathy Liu suggested communicating cybersecurity topics in connection with other topics people care about, making cybersecurity issues more tangible, relevant, and meaningful.
Incorporating cybersecurity in new technology adoption. In the rush to adopt new technologies like AI, Lauren Woodman cautioned about the need for due diligence. Organizations should leverage their cybersecurity experience to mitigate risks and prevent new vulnerabilities.
To deepen your knowledge about the topics discussed during the session, you can refer to additional resources published recently by the World Economic Forum, which I found insightful:
Global Risks Report 2024. This report presents a comprehensive survey on the evolving global risk landscape, drawing on insights from 1,490 experts. It highlights cybercrime and the potential adverse outcomes of AI technologies as top risks. Additionally, the report offers a broader perspective on various risks you can consider when conducting a thorough threat landscape assessment.
Global Cybersecurity Outlook 2024. Focusing on organizations’ challenges in enhancing their resilience against cyberattacks, this report provides valuable insights. A summary is available on the WEF website, along with the option to download the full report.
Cybersecurity Futures 2030. This report delves into the intersection of digital innovation and cybersecurity. It explores potential developments in digital security over the next five to seven years, making it a valuable resource for understanding external factors impacting the cybersecurity landscape.
Quantum Security for the Financial Sector. Developed in collaboration with the Financial Conduct Authority, this report provides guidance for businesses and regulators on the secure adoption of quantum computing technologies, with a specific focus on the financial sector.