Going Beyond the Cybersecurity Headlines at this year’s World Economic Forum

Going Beyond the Cybersecurity Headlines at this year’s World Economic Forum

Last week I was at the World Economic Forum in Davos, where this year’s theme was ‘rebuilding trust’. Organisers convened the 54th annual meeting of WEF, calling for a “spirit of open and constructive dialogue between leaders of government, business and civil society”, and the importance of this cooperation in the cybersecurity context cannot be overstated.

What did I learn? Well, I’ve picked out some recurring conversations that came up over the week (not including the many chats about how cold we all were in snowy, minus six degree conditions) and jotted my thoughts down on their impact on cyber in 2024.

Reporting, regulations, and red tape

I have written previously about the need for sharing actionable threat intelligence and I am glad last year saw key pieces of legislation take effect, like that from the U.S. Securities and Exchange Commission (SEC) which requires the disclosure of “material” threat / breach incidents in four days, as well as annual reporting on cybersecurity risk management, strategy, and governance.

I spoke to many cyber folk and business leaders about the minefield that is regulatory reporting. Generally, our consensus was that the next step should be the harmonization of reporting regimes. Prior to Davos, I was in Washington D.C. talking to policy makers about this exact issue, as presently it takes an army of lawyers to go through legislation with a fine-tooth comb to understand what needs to be reported on and when. One thing is for sure, the increasing bite of regulation will continue in 2024.

Keeping pace with new technology is as important as ever

Never is the need for actionable threat intelligence truer than in the case of rapidly evolving technologies. This includes, but is not limited to, AI, the focus of so much discussion at Davos and the subject that stole the headlines in my panel with CNBC , which you can watch in full here. ?

In a wide-ranging conversation on CNBC’s wonderful ‘Sanctuary’ stage, AI represented just one part of the complex matrix that is cybersecurity in 2024 – a year that I believe will see an escalation in the tempo of new cyber threats emerging, as well as the response they demand. For example, there is a continued need to pay attention to application security in the year ahead, and organisations will have to spend more energy on that this year than they did in 2023.

Elections, geopolitics, and digital warfare

2024 is a year that The Economist reports will hold 76 global elections, a stat which had not gone unnoticed by the majority I spoke to at Davos. We all recognised a huge potential for political campaigns to manipulate social algorithms.

However, one needn’t look ahead to the ballot box to see the cyber world shaping geopolitics, but to Russia’s war on Ukraine or the Israel-Palestine conflict. Digital warfare broke new ground in 2023, a worrying trend set to continue this year – both in the denuding capabilities of opposing forces and in the supply of disinformation. This nation state activity has a flow down effect on businesses and we must stay vigilant to how we reassess risk against this backdrop. I voiced these exact concerns in this short clip from the CNBC panel. ?

?Integrated security from top to bottom, side to side…

One point I reiterated in my conversations during the week was that despite the continual drumbeat of threats, there is cause for optimism. Indeed, one of the developments that I am most optimistic about for 2024 is the industry’s ability to reimagine threat actors and laser in on where key information exists within processes that will allow us to greater protect supply chains.

This is particularly true in case of critical national infrastructure, the source of so much geopolitical cyberwarfare. With growing expectations and regulation, sub-contractors to critical national infrastructure chains will have an increasingly important role to play. The cyber-attack on DP World Australia – and calls from the Maritime Union of Australia to launch a government investigation into the details – is a real-world example of these greater expectations. Tightening up supply chain security is something I expect to see a lot more of in 2024, as we are forever seeing vicarious victims of attacks. ?

Organizations are still very conscious of ransomware

Reflecting on my discussions, one of the things that hit me was the interconnectedness of many of the issues. Geopolitical issues and ransomware attacks may be thought of in isolation, but it was the prevalence of ransomware attacks that led to the creation of the Ransomware taskforce, a joint effort by US and UK governments. It was also ransomware attack that brought a major U.S. gas pipeline to a standstill in May, prompting President Biden to declare a state of emergency. Only now are we truly beginning to see the material legacy of the colonial pipeline hack and the flurry of legislation that has followed (arguably belatedly) in its wake.

It may not get the headlines, but ransomware attacks will continue to wreak havoc this year, exploiting known vulnerabilities and causing trillions of dollars of impact. Speaking to our customers, so many of my conversations are around having backups to critical data and scenario planning for attacks – it’s not all in the tooling, and often it is about how prepared are you to respond holistically to an attack from all functions of your business spanning comms to finance.

We’ll see secondary and tertiary ransomware attacks, both stopping organisations working and stealing information with the threat of leaking this data to third parties (see the British Library breach from late last year). Cyber criminals are running increasingly sophisticated operations, deploying whole ecosystems of access brokering, social engineering, and even malicious software running help desks.

And of course, the biggest talking point of all… Artificial intelligence!

And yes, then there is AI. Unsurprisingly, the biggest topic of Davos this year – barely a passing chat, panel session, news article, social media post… (you get the idea) was without these two important letters. And for good reason; it’s changing not only the cyber landscape, but our everyday lives by the minute.

For more on AI, check out the second panel I joined, this time with WISeKey SA , titled: “AI Unleashed: Ensuring Safety and Leveraging Decentralistion”. You can watch it in full here, where I was also proud to be presented with the Davos 2024 Entrepreneurship Innovation Medal.

With that I’ll leave you with a question: “When was the last time you saw a badly typed phishing email?”

What’s that got to do with AI? Find out why I asked my fellow panelists and what my answer was in the WiseKey session!


Mikel Salazar Pe?a

Director de Ciberseguridad en DXC Technology para Espa?a y Portugal | CCISO CISM PMP

10 个月

Thanks Mark!Inspiring and visionarie talk and more important, focusing in real worries of our customers! ????????

Christi Paul

Cyber Risk Governance

10 个月

Amazing

Cristina Dolan

MIT Alum | Engineer | Cybersecurity?? | Cloud | AI | ESG | Founder & IPO | TEDx | CRN Channel ??| CEFCYS CYBER??

10 个月

It was wonderful to meet you in person last week in person in Davos! I really enjoyed our panel!!!

Mark Minevich

Chief AI Officer | C-level | Strategist | Venture Capitalist | ex-IBM ex-BCG | Board member | Best Selling Author | Forbes Columnist | AI Startups | Founder of most influential think tanks | ????

10 个月

Wonderful meeting you Mark Hughes

Ian Whiteford

LinkedIn Top Voice | Founder @1%HR | Director @Windranger | Fractional CPO | Strategic HR Leader | HR Innovator in Crypto & Web3 |

10 个月

It sounds like your experience at Davos was truly enriching! ??Your commitment to capturing these reflections on paper is commendable.In the realm of cybersecurity discussions at Davos, were there any particular insights or perspectives that stood out to you?

要查看或添加评论,请登录

社区洞察

其他会员也浏览了