Continued ransomware attacks, a fast-evolving generative artificial intelligence landscape, and the increasing vulnerability of supply chains could create a perfect storm of cyber security vulnerability in the months and years ahead, an expert with the World Economic Forum has said.
Compounding the problem is the continuing talent gap in the cyber security field, warned Akshay Joshi, head of industry partnerships for the World Economic Forum’s Centre for Cyber Security.
“This is all happening against a backdrop of a 3.3 million [person] shortage of cyber security professionals,” Mr Joshi said on the sidelines of the 2023 Global Cyber Security Forum in Riyadh.
“It’s an alarming issue where concerted public and private action is required to bridge that gap to make sure we have the right talent in place to address the key concerns in cyber security going forward.”
According to the World Economic Forum’s 2023 Global Risks Report, widespread cyber crime and cyber insecurity were among the top ten global risks both in the short and long term, when ranked by 1,200 experts across academia, business, government and civil society.
Its Global Cybersecurity Outlook for this year warned about the fast-changing technology environment that potentially leaves more people vulnerable than ever to cyber crime or cyber attacks.
“The threat landscape has become increasingly volatile,” the report said. “Professionalised cyber criminal groups have continued to grow and create a higher volume of new attack types.”
Perhaps most alarming is the reactive, rather than proactive, nature of the battle to fight cyber crime, according to the report.
“Attackers have a structural advantage: they need to find only one exploitable weakness across an organisation,” the report stated.
“That means attackers have less ground to cover than a defender and the attacker can often adapt faster than organisations can defend or recover.”
What is cyber crime and how can I protect myself online?
Mr Joshi pointed to a 2021 cyber attack against an American subsidiary of a Brazilian meat processor, JBS, as an example of just how serious cyber security vulnerability can be.
“It's a threat multiplier,” he said, referring to the potential domino effect of cyber security vulnerabilities, supply chains and various industries.
That particular ransomware cyber attack shut down the meat processor’s computers in exchange for a ransom demand and forced the company to cut production significantly.
In the end, the company paid approximately $11 million to the cyber attackers to restore normal production.
That type of cyber attack, according to Mr Joshi, could also potentially be replicated and attempted on energy and healthcare companies.
As for AI, Mr Joshi warned that phishing attempts, where people are manipulated into clicking links that may extract and compromise data, combined with the automation of generative AI, could also make it more difficult to stay safe.
“The sophistication and pace at which the phishing attempts can be deployed has gone up significantly,” he said, emphasising that cyber criminals tend to be quicker to jump on board with new and emerging technologies.
The continuing battle adds to the struggle to keep and retain cyber security talent, according to Mr Joshi.
“You always have to be on [the clock]”, he said.
“In such intense environments, prioritising the well-being of employees is very important,” he added, noting the need to add a mental wellness framework to the cyber security field.
This year’s Global Cyber Security Forum, held under the theme of ‘Charting Shared Priorities in Cyberspace’, sought to advance the global cyber community “towards aligning on strategic priorities” and “deepen multi-stakeholder engagement,” according to organisers.
The event was hosted by Saudi Arabia’s National Cybersecurity Authority, which was established in 2020 during the kingdom’s G20 Presidency.
