Join our daily and weekly newsletters for the latest updates and exclusive information on leading AI coverage.
The World Economic Forum (WEF) should focus on cybersecurity, cyber defenses, and cyber-resilience to start rebuilding trust this year. Their latest global cybersecurity outlook report for 2024 highlights significant issues like cyber inequity, cyber insurance gaps, the shortage of cyber skills, the pursuit of cyber-resilience, and the creation of a stronger cyber ecosystem. By adopting a zero trust approach, the WEF’s cybersecurity vision can be fully realized.
The report, a collaboration between Accenture and WEF, was based on interviews with senior executives from 49 countries and found key insights:
– Geopolitical instability is the primary driver of global cybersecurity strategies, influencing 70% of leaders.
– Gen AI is expected to dominate cybersecurity technology in the next two years. About 55.9% believe it will give attackers an edge, while 35.1% think it will balance defenders. Additionally, 27% of CISOs plan to use generative AI for data enrichment in their SOCs.
There are growing concerns about the weaponization of Large Language Models (LLMs) and Gen AI, which are being used to develop attack tools and services like ransomware-as-a-service. Attackers are also leveraging tools like ChatGPT for large-scale social engineering attacks. The Ivanti 2023 report found that nearly one-third of CEOs and senior managers have fallen for phishing scams.
Almost all senior leaders know of a breach within their industry circle, with 98% of organizations having a relationship with a breached third party in the last two years. A significant 73% of leaders emphasize the importance of cybersecurity fundamentals, while only 13% believe human error will cause a breach in the upcoming year.
Embracing zero trust is crucial. Ignoring zero trust and cybersecurity can severely damage a business’s trustworthiness. Many companies, especially manufacturers, don’t report ransomware attacks to maintain trust with stakeholders. Meanwhile, ransomware incidents continue to grow, heavily impacting industries that neglect cybersecurity.
Nation-state attackers are becoming more sophisticated, using ransomware to steal cryptocurrency to fund various illicit activities.
Ransomware defense isn’t just a reactive measure but a proactive, everyday practice across all environments, from identity management to data protection.
Adopting zero trust means assuming breaches have already occurred and focusing on containing them. This approach involves treating all devices, endpoints, users, and systems as untrusted until they can authenticate. The NIST 800-207 standard offers a framework for implementing zero trust.
To enhance the WEF’s vision for cybersecurity with zero trust principles:
1. Secure Software Supply Chains: Ensuring better understanding and management of supply chains, as 54% of organizations fail in this area.
2. Least Privilege Access: Allowing only the necessary permissions for each session to improve resilience.
3. Microsegmentation: Although challenging, this is vital to effectively implementing a zero-trust framework.
4. Multi-factor Authentication (MFA): Designing MFA into workflows to minimize user disruption and exploring passwordless technologies.
5. Continuous Monitoring and Evaluation: Maintaining visibility and control over cyber threats, employing AI for real-time analysis and responses.
Ultimately, zero trust should be seen as a business accelerator. In 2024, cybersecurity investments will be evaluated based on their risk reduction and contribution to revenue growth. It’s essential to develop a flexible, adaptive security framework that evolves with changing needs.
Zero trust is crucial for any business aiming to grow in 2024, securing customer experiences and revenue. Trust is the key to growth, making cybersecurity investments fundamental to success.
Stay informed! Get the latest news delivered daily by subscribing to our newsletter.