Cyberattacks are increasing in volume and sophistication, affecting an ever-greater number of people and institutions. Through artificial intelligence (AI), the Internet of Things (IoT) and other new technologies, the threat surface and vulnerability are growing, spinning out in new threat areas facing citizens, consumers, companies and countries.
To fight increasing cybercrime, the global community needs to overcome three major challenges: lack of trust, lack of cooperation and a lack of adequate skills.
The first Annual Gathering of the World Economic Forum’s Centre for Cybersecurity ended recently with calls to action and the launch of several new initiatives by the more than 140 cybersecurity experts from government, business, academia and law enforcement to address these three challenges.
Klaus Schwab, founder and executive chairman of the World Economic Forum, stressed the need to ensure a cyberspace that serves as a trusted and secure backbone for the Fourth Industrial Revolution if its opportunities are to be realized.
“Cybersecurity is an absolute priority for the Forum,” he added.
Cybercrime has no borders
“Cybercrime has no borders. It affects every company, every industry and every country – therefore, we can’t fight it alone. The World Economic Forum is one of very few international organizations that understands the scale of the growing cyberthreat,” said Herman Gref, CEO and chairman of the board of Sberbank.
“The Forum’s efforts in connecting leaders from various countries and industries in times of the Fourth Industrial Revolution are absolutely invaluable.
“As a Founding Partner of the Centre for Cybersecurity, we believe that this initiative represents a huge leap forward in the global fight against cybercrime – by pooling resources with all the stakeholders, we can stop the proliferation of cyberthreats and make the digital world a safer place.”
“What happens to the rule of law when rule of law cannot be enforced,” asked Troels Oerting Jorgensen, head of the Centre for Cybersecurity.
Participants acknowledged the need for information exchange between the private and public sectors and law enforcement.
While companies collect extensive data on threats they have neither the power nor the mandate to pursue cyber criminals.
The public sector and law enforcement, on the other hand, would benefit from access to that data to more effectively combat cybercrime.
“Fortinet firmly believes in the importance of collaboration and information-sharing to combat cybercrime. Being named a Founding Partner of the new Centre for Cybersecurity is important for global multistakeholder collaboration and yet another step forward for our own mission to secure the largest enterprises, service providers and government organizations in the world,” said Ken Xie, founder, president and CEO of Fortinet.
Senior law enforcement officers shared information on existing and emerging cyberthreats with the multistakholder meeting.
They identified ransomware, social engineering, Darknet markets and – despite the security potential of blockchain – threats related to cryptocurrency as persisting concerns.
Physical convergence of IoT, offensive AI, cloud computing, data security and online channel threats will be “growth” areas for cybercrime in 2019.
Business executives that had recently experienced data breaches and cyber incidents shared their experience, highlighting the importance of direct access for chief information security officers (CISOs) to CEOs of the affected company.
Other companies introduced a security metric for all employees indexed to a quantitative score in their performance evaluations.
“To defend against cyber threats, we need to act collectively to make the internet a safer place. The World Economic Forum is bringing together major cybersecurity leaders from all over the world to collaborate on some of the most pressing cyber issues facing our society. As a leading provider of security consulting services globally, Accenture is looking forward to the opportunity to work with other companies to help drive innovations across our connected world,” said Kelly Bissell, senior MD of Accenture Security.
Experts from the investment community warned that as the cyberattack surface expands, incentivizing and measuring cybersecurity becomes more difficult and important.
Investors needed clear parameters and benchmarks to evaluate whether a company and its practices are cybersecure – an increasingly important step of due diligence.
Taking concrete steps
Meeting participants agreed to take initial steps towards developing a viable tool for the investment community to incentivize secure and responsible innovation. The results will be presented in New York in spring 2019.
Participants from the public and private sectors discussed the importance of clear and enforceable principles to guide behavior on our shared networks.
In light of the many alliances and accords being developed in recent years, most recently the Paris Call for Trust and Security, participants focused on the importance of developing effective operational steps to solve for trust-building and standards challenges.
CISO, government and law enforcement officials from 26 countries identified the lack of a sufficiently large and diverse talent pool as a major challenge to improve cybersecurity across sectors.
A dedicated working group on diversity and inclusion at the Centre for Cybersecurity highlighted significant discrepancies among the numbers of men and women in the cybersecurity workforce.
In North America, for example, women represent a mere 14% of those involved with cybersecurity. In Europe, female inclusion is 7% while in the Middle East, 5%.
Attempts to create a more inclusive cyber workforce should not stop at gender but also make the field more welcoming and attractive for professionals of more diverse backgrounds and cultures.