Global challenges for cybersecurity resilience were outlined in a recent report from the World Economic Forum. The report, Global Cybersecurity Outlook 2024, analyzes the state of inequity in achieving cyber security, the impacts of geopolitics on the cyber risk landscape, the effects of emerging technologies such as Artificial Intelligence (AI), and the shortage of qualified people to address these security challenges.
Cyber Inequity on the Rise
The report stresses that there is a growing divide between organizations that have developed mature systems for protecting sensitive data and those struggling to develop effective defenses from cyber threats. Small and medium enterprises (SME) are among those most affected by this disparity, especially those located in underdeveloped economies.
Aside from having less than adequate cyber resilience, only 25% of SMEs carry cyber insurance as compared with 85% for organizations with 100,000 or more employees. This should cause alarm given the number of data breaches occurring and the fact that many SMEs fail to recover from these cyber attacks.
Geopolitical Influences and the Threat Environment
Numerous nations are involved in nefarious activities aimed at global supply chains and critical infrastructure. This is causing CISOs to adapt their cybersecurity postures and strategies. Geopolitical influences are also targeting societal and political entities with deepfakes and phishing campaigns weaponized against elections. Areas of concern outside of the private sector are misinformation, automated disinformation, data privacy, and algorithmic manipulation of social media data.
Skills Gap in Cybersecurity Landscape
There is a worldwide supply deficiency of a capable workforce for the design, implementation, and maintenance of systems for the protection of sensitive information. In the report 20% stated that they do not have the necessary skills in their organization to accomplish their cyber objectives. Additionally, there is an ongoing challenge of retaining what skilled personnel an organization has in its employ.
Organizations are opting for certifications and short educational courses in lieu of formal university education fill this gap. Many small organizations who face revenue issues are encouraging employees to upskill because they cannot afford to hire qualified personnel.
A Changing Risk Environment
Organizational leaders are concerned about loss of access to goods and services and cyber extorsion. Of those polled, 29% stated that their companies had experienced such situations in the last year. This is especially of concern because more than 60% of these leaders outside of Europe and North America do not carry cyber insurance.
Other perceived risk of high concern were loss of money or data, identity theft, and being monitored. When queried as to significant barriers to achieving cyber resilience business leaders cited lack of resources, cost of evolving from legacy systems, cultural resistance, not knowing where to start, lack of executive support, and a perception that the risk does not warrant the investment.
Emerging Technologies
A number of emerging technologies have created challenges for cyber resilience. Most industry leaders reported that they felt more exposed to cybercrime than in previous years. The use of new technologies by cybercriminals increase both the speed and adaptability of their attacks. Despite these trends most cyber leadership queried stated that they would maintain their focus on established cyber practices.
Top Management Buy In
A positive take away from this study was in the numbers of business leaders that are concerned about cybersecurity and are actively engaged with their information security programs. Over 90% of cybersecurity leaders trust their CEOs to communicate externally about cyber issues. This is important because an essential component to a cyber resilience program is its integration into the enterprise risk management processes.
Governance Issues
While many governments are actively promoting cyber resilience many critical gaps still exist that have yet to be addressed. One such issue is the imbalance of responsibility for security between technology producers and consumers. There is a real need for shifting responsibility for ensuring for safety from organizations and individuals who purchase technology to the producers of these technologies.
The current status is representative of immature industries. As in other sectors, governance will have to step in to ensure that players in technology play an appropriate part in the necessary maintenance of trust of goods throughout their life cycles.
Moving Towards a Better Future
Collaboration is a key factor in bettering the cyber environment. Organizations must share responsibility with suppliers, partners, regulators, and industry peers. The entire structure is only as strong as its weakest link. Most industry leaders are not optimistic about such collaboration in the immediate future.
Views on regulations are positive with regard to reduction of risk in their organization. Unfortunately, many leaders felt that regulations were too numerous and often conflicting internationally. They also stated that often the requirements were too technically difficult to achieve and required excessive resources.
Supply Chain Cyber Resilience
Given that collaboration is essential in maintaining information security, it is concerning to note that 54% of parties queried felt that they had insufficient knowledge vulnerabilities in their supply chain. Again this cyber maturity gap was more pronounced in medium and small companies. The importance of this issue was illustrated in that 41% of the organizations had experienced a cyber incident that originated from a third party.
Take Aways from the Report
Global challenges for cybersecurity will remain a concern for the foreseeable future. The struggle for medium and small organizations to design, implement, and maintain effective solutions to the threat landscape will effect all in the global economy. There are no simple solutions to these issues. In all probability the an organization’s ability to adopt best practices and be a trusted partner will determine its long term survivability.
CVG Strategy Information Security Management System Consultants
Global challenges for cybersecurity are a concern to organizations of all sizes. While those in business leadership roles are increasing aware of the importance of cyber resilience, resources and necessary talent are often in short supply. To assist businesses to meet the challenges in adopting a variety of requirements, including NIST and CMMC 2.0, CVG Strategy has developed an approach that combines these requirements with ISO 27001 Information Security Management System. This provides a coherent methodology for implementing and maintaining essential cybersecurity for businesses of any size.
It involves processes, facility security, people, and IT systems to engage in best practices. It also involves a constant improvement approach so that threats can be continually assessed and addressed as they evolve. This business system can help your organization remain vigilant against economic espionage and cyberattacks conducted by China and other nation states.
We can help you meet your information security management system goals. CVG Strategy QMS experts are Exemplar Global Certified Lead Auditors. We can provide the training required to understand and engage in a ISMS and make it meet desired objectives. This process includes defining the context of your organization, creation of internal auditing processes and much more.