- Enhanced cybersecurity is the only means by which the challenge can be addressed as the next wave of cybersecurity risks will not be a continuation of these challenges, and incremental progress will not be enough to stop them.
- Security must be more proactive and future-proof if the industry needs to out-innovate the attackers.
Bengaluru: Approach to cybersecurity needs to be overhauled before the industry finds itself in any fit state to tackle the threat.
Enhanced cybersecurity is the only means by which the challenge can be addressed as the next wave of cybersecurity risks will not be a continuation of these challenges, and incremental progress will not be enough to stop them, industry experts said.
Covid-19 has led to an acceleration of cyberattacks targeting those working from home, hospital systems and financial institutions.
In under a decade, cybersecurity has emerged as one of the most important systemic issues for the global economy.
Collective global spending has now reached $145 billion a year, and is predicted to have exceeded $1 trillion in the period between 2017 and 2021. Incidents and attacks continue to rise, but this is only the tip of a new and growing problem.
According to new research from F5 Labs, phishing incidents rose 220 per cent during the height of the global pandemic compared to the yearly average and the number of phishing incidents in 2020 is now set to increase 15 per cent year-on-year, though this could soon change as second waves of the pandemic spread.
Cybersecurity Ventures said that cybercrimes are likely to become more profitable than trading in major illegal drugs by 2025, with the costs expected to reach $10.5 trillion annually from $6 trillion in 2021.
“The dynamics of cybersecurity are changing,” Will Dixon, Cybersecurity Lead at World Economic Forum, said.
“We have been doing cybersecurity the same way for the past 15 years and it’s not going to work anymore. What has changed is that now, the criminals of the future can easily exploit these emerging technologies and our growing interconnectivity at a scale not seen before. The good news is that there are ways to protect our personal data, mitigate the impact on global trade and security and ensure our society isn’t hit with another shock,” he said.
Nikesh Arora, Chief Executive Officer and Chairman at Palo Alto Networks, said that the days of fragmented security are behind us.
“Security must be more proactive and future-proof if we are to out-innovate the attackers.”
Broader action is required
Ken Xie, Founder, Chairman of the Board and Chief Executive Officer at Fortinet, said that there must now be a different approach to cybersecurity as the current approach is unsustainable.
Quantum computing, artificial intelligence, digital identity systems (such as e-passports) and the ubiquitous connectivity of devices and networks are transforming the foundations of cyberspace and have brought the industry to a watershed moment.
Professor Sadie Creese at the University of Oxford said that the research points to the likelihood of systemic cyber-risks, and a potential cyber-resilience deficit if no action is taken and It is important that organisations can confidently embrace new technologies and the benefits they bring, and that will involve many cybersecurity challenges to be met.
“The action required is broad. Success will be premised on strong leadership who understand the issues and can set an agenda which will encompass social responsibility and opportunities for economic growth,” he said.
Growing cyber capability gap
Moreover, he said that managing the risks will require businesses and governments to address three things – filling capability gaps with new cybersecurity tools, creating policy interventions that incentivise collaboration and accountability and galvanising leadership action from businesses to plan more strategically around emerging risks so the most critical infrastructures do not fail society.
According to WEF, cybersecurity specialists and information security are roles in high demand as companies race to adopt encryption and security measures.
WEF has urged the security and technology community, industry and government leaders and the international community to play key roles in developing these new capabilities.
“There is a growing cyber capability gap. To tackle the threats of tomorrow, companies and countries need to expand their capacity, this means jobs, and a lot of them,” Dixon said.
World now faces five major challenges:
- Skills gap. There is already a global capacity shortage in cybersecurity (specialists and throughout the wider workforce), and as new technologies emerge, the skills gap in delivering cybersecurity will widen.
- Fragmented approaches. Emerging technologies are driving an increasing interdependence and entanglement between policy and technology at a time when the global governance of cyberspace is weak.
- New approaches. Existing operational-security capabilities and technologies will not be fit for purpose and so mitigating threat and responding to incidents individually and collaboratively will require new approaches.
- Under-investment. Security is not being considered as an integral component of technology innovations and as such, proper investment isn’t being made into support (knowledge, guidance, research investment) and incentives (market forces, regulation) for developing emerging technologies securely.
- Ambiguous accountability. Shared dependence widens the pool of actors affected by the resilience of a part of the ecosystem, built can also create ambiguity in the accountability for ensuring this resilience.