WEF 2024 sheds light on building a better cyber ecosystem
Foreword
Hello, user_name!
The WEF Global Cybersecurity Outlook 2024 document holds great importance today. We have seen rapid advancement in online security in recent years. However, organizations are still fighting day in and day out with increasing cyber threats. In this article, we’ll go over the recent WEF report on cybersecurity and talk about trends, challenges, and strategies, all of which can shape cyber resilience.
Share
Understanding the current landscape
Cyber threats are growing in sophistication, ranging from ransomware attacks to nation-state-sponsored espionage. Think about it like this: if cybercrime were to be considered a country, it would be the third largest economy after the US and China. Why, you ask? Well, because its damages are expected to cost $10.5 trillion by 2025.
The more technology is enabling an interconnected world, the more the cyber threat landscape expands. The WEF report positions itself in this context, offering us a lens to see the current state of cyber threats. It recognizes the urgency of addressing these challenges head-on to safeguard our interconnected societies.
Key findings
The best way to implement the «Redefined Trust» is to start with security, resilience, and defense in the cyber landscape. The current report sheds light on key challenges we are facing today. These include growing gaps in cyber inequity, cyber skill shortage, and cyber insurance. WEF, in collaboration with Accenture, conducted a study based on interviews with senior executives from 49 countries. Some of the key findings include:
Geopolitical instability as a driving force
Today, the unpredictable nature of global politics is a major force driving cybersecurity concerns worldwide. A whopping 70% of leaders acknowledge that the instability in geopolitics significantly shapes their organization’s cybersecurity strategies. The best example of this finding we have today is the cyber war between Russia and Ukraine, which is considered the largest military conflict of the cyber age.
Growing cyber inequity is a concern
There’s a growing gap in cyber resilience between organizations that can handle cyber threats well and those that struggle with them. As per the report, larger businesses have leap-forged to cyber resilience. But things aren’t so good for the smaller ones. The number of hits they’ve taken is almost double that of their larger counterparts. To top all off, the number of organizations with just a little resilience to cyber threats has dropped by 30%.
Modern technology may exacerbate the situation
Adding to the challenge, the report highlighted that upcoming technologies will make existing problems with cyber resilience even worse. This, in turn, will widen the gap between organizations that are really good at handling cyber threats and those that are not so great.
Interestingly, 55.9% foresee Gen AI giving attackers the upper hand.
35.1% think it will maintain a balance favoring defenders. Notably, 27% of surveyed Chief Information Security Officers (CISOs) plan to integrate Gen AI into their Security Operations Centers (SOCs) to turn the data quality of alerts and enrichments up a notch.
LLMs becoming more weaponized
Another growing worry, highlighted by the report is the potential weaponization of large language models (LLMs) and the use of gen AI to develop malicious tools and applications. This trend is gaining momentum, as seen in the increasing prevalence of weaponized LLMs.
Leaders are particularly troubled by how gen AI and LLMs contribute to the creation of attack products and services, such as ransomware-as-a-service and FraudGPT. To make matters more alarming, attackers are utilizing models like ChatGPT to scale up social engineering attacks and gather data for large-scale phishing assaults.
Skill shortage affecting cyber resilience
Another challenge highlighted by the report is cyber skill and talent shortage. Half of the smallest organizations accepted they lack cyber skills or are unsure if their existing skill resources can handle the current threat landscape.
In addition, 52 percent of public organizations said the shortage of resources and skills is their biggest challenge while designing their cyber resilience strategy. Looks like the small businesses and public organizations aren’t doing really well.
Cyberattacks are taking centerstage
The report has highlighted a startling statistic: a staggering 98% of organizations have relationships with at least one third-party entity that has suffered a security breach within the last two years.
In addition, almost every senior leader is aware of a colleague in their industry whose company has experienced a cybersecurity breach. So, it’s not an isolated issue. It’s become something that’s pretty similar to the Coronavirus, but in the cyber landscape, of course.
Efforts to close security gaps
Faced with these challenges, cybersecurity leaders are emphasizing the importance of reinforcing cybersecurity basics to plug potential gaps. A substantial 73% of leaders are actively focusing on these fundamentals.
On the flip side, only a small percentage, just 13%, believe that human error will be the primary cause of a breach in their organizations in the coming twelve months. It seems as if these 13% are pretty confident with their staff, but is it something they’ll regret?
Factors affecting cyber resilience
The report highlighted a key issue: security leaders feel they can’t tackle these challenges unless they have the right people and skills. On the other hand, business leaders find these challenges a bit more manageable because they’re not as involved in the day-to-day tasks of making sure their systems can withstand cyber threats.
The report goes on to say, «The hurdle will get even higher as organizations hurry to embrace generative AI and other new technologies». But the thing is, most organizations either don’t update their old systems or do it much slower than they add new tools and tech. This expands their tech footprint and increases the risk.
What’s more, bigger organizations, burdened with older technology, find it harder to help and keep an eye on smaller businesses in their supply chain. This puts a strain on support systems in the overall network and makes the inequalities we talked about earlier even worse.
Strategies to create a secure cyber ecosystem
In response to the challenges and trends outlined, the WEF proposes a set of strategies aimed at building a better cyber ecosystem. The key points emphasized to boost cybersecurity are:
- Integrate Cybersecurity into Business Strategy – Treat cybersecurity not just as a protective measure but as a strategic tool that helps the business grow.
- Stick to the Basics – Keep the fundamental security measures strong and in place consistently.
- Consider Economic Factors: Understand how economic factors play into cybersecurity risks and impacts.
- Make Cyber-Resilience Part of Business Strategy – Ensure that the ability to withstand and recover from cyber threats is a central part of how the business operates.
- Sync Cyber-Risk Management with Business Needs – Align the management of cybersecurity risks with what the business requires.
- Build Cybersecurity into Organizational Design – Make sure that the way the organization is structured and operates fully supports cybersecurity measures.
Key takeaways
The WEF report highlighted that the challenge of maintaining strong cyber resilience is turning into a win-or-lose situation. The ability to adopt best practices, compete for skilled talent, and afford the necessary tools is increasingly deciding which organizations thrive and which struggle.
If the existing inequality does not end here, we’ll continue to see leading organizations quickly adopting new technology while others struggle to keep up with the basics for trust and security. This, along with mixed incentives in digital systems, will widen the digital gap in the years ahead. Given that everything is connected in the digital economy, these negative effects will compound, affecting everyone.
That said, it’s better for everyone to work together and create a secure future free from cyber threats. But this isn’t something easy. It’ll involve setting the right priorities, fostering an organizational culture that values cybersecurity, and ensuring fair access to talent, technology, and security tools for everyone.
