Cyber crime is big business. According to one prediction, it will account for a staggering $10.5tn by 2025 – a figure that’s larger than the damage inflicted from natural disasters in a year. For added perspective, cyber crime is suggested to be more profitable than the global trade of all major illegal drugs.
Enhanced cybersecurity is the only means by which this challenge can be addressed, the report adds, but the approach to cybersecurity needs to be overhauled before the industry finds itself in any fit state to tackle the threat.
The World Economic Forum highlights ubiquitous connectivity and artificial intelligence among the areas that require intervention from the security and technology community.
As many businesses are discovering, devices, networks and services are “increasingly hyperconnected and interdependent, operating on sophisticated shared infrastructures.”
The sheer scale of this connected ecosystem is rapidly expanding the potential attack surface. With previously unconnected systems connecting to each other and to the internet, the risk to the confidentiality, integrity and availability of digital assets increases – whether data, information, algorithms or digital services.
“The potential implications in terms of compromise for industry and society are becoming more severe,” the report warns.
With new products and service-based models creating complex interdependencies between organisations, supply chains, sectors and individuals, incidents in one part of the ecosystem could harm systems dependent on it.
There is also a concern that high-value business assets will be connected to third-party systems whose owners assess them to be low risk and will not provide the appropriate levels of protection.
A failure to maintain the visibility and assign the accountability that is needed to assure end-to-end processes across multiple parts of the ecosystem could lead to gaps in security and heightened risk.
Artificial Intelligence is already being deployed by network defenders and those attacking them. The report says “it is difficult to tell where the balance of advantage will ultimately lie.” There is evidence of AI being used by attackers in the wild and the malicious use of AI is expected to accelerate and become increasingly sophisticated.
They will be able to take advantage of the speed and scale AI provides and the ability to craft more precise attacks by using deep-learning analytics to predict victims’ attack surfaces and game their defence methods.
But AI also has the potential to enhance the speed, precision and impact of operational defence and support organisational resilience. AI is already being used to support human defenders by augmenting and automating tasks usually performed by analysts. “These approaches are becoming increasingly deeply integrated into defensive responses within the cybersecurity ecosystem,” the report says, noting that the global value of AI in cybersecurity is predicted to reach $46 billion by 2027.
The widening cybersecurity skills gap, which is likely to grow as new technologies emerge, is a formidable challenge.
“Unless education and training are accelerated significantly, the workforce will not have the necessary cybersecurity capacity and mindset,” the report warns. “A lack of cyber literacy among leaders and innovators will prevent appreciation of the risks to organisations and the ecosystem, and prevent the necessary investments being made for cyber resilience.”
There is also concern security will not be considered to be an integral component of technology innovations. As a result, technologies “will be developed with little or no consideration for malicious threats. Without the right incentives to prevent this, there is a risk of insufficient security functionality.”
Given the complexity of supply chains and systems, “innovators will make false assumptions about the security inherent in the systems upon which their solutions are layered, causing hidden risk.”