On the final day of the World Economic Forum, we shared SecurityScorecard’s five key cybersecurity insights based on the discussions that dominated our time in Davos, Switzerland.
Several weeks later, after gathering our thoughts from everything we saw, heard, and contributed to in Davos, we’d like to expand on our cybersecurity perspectives from the Forum and provide five additional insights.
Geopolitical tensions – a breeding ground for cyberwarfare
One unavoidable topic at this year’s meeting was the ongoing war in Ukraine and many other geopolitical tensions worldwide. Unsurprisingly, this rise in tensions saw increased nation-sponsored cyber activity throughout 2022. According to the WEF Global Cybersecurity Outlook 2023 report, geopolitical instability will likely lead to a “catastrophic” cyber incident within the next two years.
A prime example are the recent “Killnet” attacks that targeted healthcare organizations in the U.S. and Europe. The attacks came shortly after the U.S. government supplied Ukraine with 31 modern tanks to fight the Russian offensive.
Several heads of state in Davos were particularly interested in participating in cybersecurity conversations to better understand how cyber risk impacts national security and how they can protect their critical infrastructure and national assets. Governments worldwide will need to grapple with the appropriate regulatory frameworks to stay ahead of attacks like these.
SecurityScorecard CEO Alex Yampolskiy, with Edi Rama, Prime Minister of Albania, and James Harding, Co-Founder and Editor, Tortoise Media, World Economic Forum 2023
Cybercrime campaigns are well-funded
Governments are becoming a crucial funding source for cybercrime organizations as they align with nation-state goals. This has led to a significant increase in attack frequency and sophistication. Faced with dangerous, well-funded threats, organizations have become more volatile to attacks, further raising the need to prioritize cybersecurity.
“This is a global threat, and it calls for a global response and enhanced and coordinated action,” said Jürgen Stock, the Secretary-General of INTERPOL, during the WEF. This includes improved cooperation between the public and private sectors and between like-minded countries. More shared data and a quantitative understanding of risk can empower organizations and governments in tackling the common enemy.
Cybersecurity is a high priority for many organizations
On a positive note, C-suite leaders were eager to participate in conversations around cybersecurity during Davos. For example, the WEF session “Securing Critical Infrastructure” was attended by several business leaders, including the Co-Founder of Tortoise Media (see the image above).
This means that organization leaders are ready to listen and learn how to improve cyber resilience to deal with impending threats. Investment in automation and other technologies is necessary to keep up with the ever-evolving threat actors.
“In 2023, more organizations will prioritize fully automated response technology, as the impacts from a successful breach now far outweigh the risks of these newer technologies, which in turn, frees their people up to focus on how the business can become more cyber resilient”, said James Nunn-Price of Accenture in the company’s cybersecurity predictions for 2023.
CEOs reinforced the resilience in spending on cybersecurity. In an interview with CNBC, ServiceNow’s CEO Bill McDermott made the case that digital transformation is growing eight times faster than the overall economy, and we will not have a recession for IT spending in the coming year. Splunk CEO Gary Steele also said he sees “great resilience in cyber spending.” Cisco CEO Chuck Robbins said in an interview with Yahoo Finance that Cisco continues to invest heavily in cybersecurity, including a possible acquisition of a cybersecurity company, and emphasized that cyber remains “one of the big discussions” for Davos participants.
Cyber and privacy regulations can improve resilience
As highlighted in the WEF’s Cybersecurity Outlook 2023, 76% of business leaders and 70% of security leaders believe that further enforcement of cybersecurity regulations can positively impact their organizations’ cyber posture.
Security regulations are particularly important in protecting critical infrastructure. Market forces alone have not produced sufficient resilience against cyber threats. Therefore, some government intervention is advisable. In Davos, we saw positive signs that politicians are aware of the cyber threat and want to participate in conversations to drive change.
Security-focused business culture
Since human error plays a role in 82% of security breaches, it’s no surprise that most cyber leaders that participated in a WEF survey see increased employee security awareness as the key element in improving cyber resilience. Empowering employees to adopt cybersecurity best practices allows them to be part of the solution and reduce human error.
Security professionals must look beyond their own team and determine how to offer crucial insights that support the organization-wide adoption of cyber-risk strategies.