Dubai, UAE — AI is a double-edged sword, simultaneously creating opportunities and challenges across industries. As the threat turf evolves, cybersecurity experts call for cross-border cooperation and proactive resilience strategies.
Filipe Beato, Lead, Centre for Cybersecurity, World Economic Forum (WEF), says that while AI accelerates the detection and management of threats, cybercriminals also leverage this technology for sophisticated attacks. TRENDS spoke with Beato on the challenges and opportunities of AI today.
Q: How effective is AI in fighting cybersecurity attacks?
Filipe Beato: Artificial intelligence (AI) is scaling cyber risks but can also be a force multiplier to address the large and dynamic threat environment. AI allows automation, speed and scale, ensuring successful security of the modern dynamic threat landscape. Although AI doesn’t represent the silver bullet, it can be a perfect add-on to help cybersecurity practitioners automate and scale the capacity to identify and analyze cases while finding and classifying events and defining efficient parameters for network policies, reducing the number of exceptions and outliers. Cybercriminals are increasingly leveraging generative AI for social engineering and impersonation, and offering it as a subset to the Software-as-a-Service model. AI can support cyberattacks by enhancing data poisoning, data leakage, enhancements in live dialogue, improved reconnaissance, and spear phishing techniques.
When it comes to empowering cyber defenders, some of the short-term, “low-hanging fruit” ideas include using AI to reduce toil and free up manpower. Some functions include alert, triage and prioritization as well as speeding up anomaly detection and supercharging pattern recognition and using AI to make better use of threat intelligence.
What digital economy sectors are the most vulnerable and likely targets for data breaches?
Some high-impact/high-likelihood approaches revolve around leveraging AI to classify vulnerabilities and to patch them, to accelerate data processing and for configuration management. AI could also be used as a security advisor (“AI-CISO or “virtual CISO”), to make software secure and to streamline decision-making by rationalizing limited resources with context.
Cyber risks are among an organization’s highest priorities, and the threat keeps increasing, a fact that has been highlighted by the World Economic Forum’s Global Risks Report since early 2020. The evolution of the digital landscape and infrastructure, driven by the disruption of connectivity and emerging technologies, has vastly complexified the threat landscape and the cyber risks of all digital economy sectors. Most sectors are vulnerable to cyberattacks. In the past years, manufacturing, transportation, energy and healthcare industries have seen a rise in attacks. While the manufacturing sector has been leading in the number of attacks, healthcare has registered the highest cost per data breach of $9.77 million way higher than the average $4.88 million. For instance, in manufacturing supply chains, a sector that is heavily connecting their — mostly decentralized — operations and factories, the main reason is the lack of awareness and prioritization. For that, the Centre for Cybersecurity, World Economic Forum built a global trusted community of manufacturing ecosystem stakeholders to develop guidance to build a culture of cyber resilience across the industrial manufacturing sector value chain.
Can quantum computing be used to decode encrypted transactions? Is blockchain secure today?
Quantum computing can render some of the current public-key encryption algorithms obsolete, posing serious cybersecurity risks. Given that cryptography represents the backbone of the blockchain, making it so secure and trustworthy, it makes some blockchains vulnerable to the quantum threat. The recent post-quantum cryptography (PQC) standards released by NIST will eventually bring the necessary solutions to update and ensure a quantum-secure future for blockchains. However, the NIST PQC standards provide a key milestone to drive action around the quantum threat, but a lot still needs to be done by organizations to ensure that their infrastructure is fully protected and prepared for any quantum and non-quantum incident.
To help leaders develop the correct understanding of the quantum threat, the quantum security community at the World Economic Forum developed the Transitioning to a Quantum-Secure Economy guidelines which offer leaders direction on enabling a secure transition to the quantum economy. This effort was followed by the collective development of the Quantum Readiness Toolkit to help organizations with the assessment and prioritization of actions towards a quantum-secure organization, as well as the development of four principles and a roadmap for transition to inform global regulatory approaches towards a quantum-secure transition in the financial sector.
Is Cybersecurity an organizational problem? How can it be fixed at different levels of the organization?
Cybersecurity encompasses a wide spectrum of practices, from the protection of data, information, and networks to detection and mitigation of cyberattacks, as well as less technical concepts relevant to risk management and the development of policies and legislation. All of these are fundamental to the development of digitalized economies across societies and different organizations. The practice of cybersecurity has evolved from a focus on basic security controls to prioritizing information security and assurance and increasingly cyber resilience, going way beyond the IT technical rooms to a more board room setting. Hence, cyber resilience is not just a protective control. But leaders need to foster the right cyber-resilient mindset centered on their organization’s primary goals and objectives. Decision-making on cyber resilience needs to be embedded within the established governance structures of the organization, ensuring clear accountability, and IT and OT processes need to be designed recognizing that 100 percent cybersecurity cannot be achieved. To thrive in the digital age, organizations must prioritize cyber resilience as a strategic leadership issue, enabling them to protect core business objectives while acting as a driver for entrepreneurial innovation, productivity and economic growth. Cyber resilience in industry communities is working to reinforce the importance of cybersecurity as a strategic imperative and drive global public-private action to address systemic cybersecurity challenges.
How do you see the role of global cooperation and policy alignment in driving cyber resilience across borders? Are there any key frameworks or agreements you believe should be prioritized?
The increasing interdependencies among digital infrastructures across borders and the growing sophistication of cyberattacks underscore the importance of a harmonized, global approach to cybersecurity regulations. Efforts for global cooperation and collaboration in policy alignment allow alignment and shared guidance. Recognizing the need for a coordinated approach is key to initiating a dialogue to help the public and private sectors together for coordinated roundtables, curated discussions and aligned action. Organizations, regulators and policy-makers (at international, national and regional levels) should cooperate to develop regulations that support and incentivize cyber resilience. This needs to consider the requirement to ensure an appropriate level of consistency between regulatory jurisdictions and to recognize that the cyber resilience imperative may sometimes conflict with other regulatory imperatives such as those relating to competition and pricing. The World Economic Forum has been working to represent global communities across different global policymakers to foster this collaboration and inform global regulatory and policy-making developments.
WEF’s latest report highlights the importance of a skilled cybersecurity workforce. How is your organization addressing the shortage of cybersecurity professionals, and what training or upskilling strategies have been most effective for you?
People are at the forefront of cyber resilience. The recent Strategic Cybersecurity Talent Framework put forth by the World Economic Forum’s Bridging the Cyber Skills Gap initiative highlights that to build a robust cybersecurity workforce, organizations should focus on developing in-house talent, offering training, upskilling, and promoting from within to create a pipeline of professionals familiar with the company’s culture. This approach not only boosts loyalty and engagement but also fosters workforce continuity and stability. The mobilization of efforts should also go beyond the organizations and be extended to incorporating cybersecurity education in primary and secondary schools, equipping future generations with essential skills. In addition, the creation of individual development plans—offering flexibility over rigid paths—empowers employees, while mentoring programs led by senior leaders provide guidance on professional growth and work-life balance.
The recently launched WEF report underscores the need for greater collaboration between the public and private sectors. In your experience, how can companies work more closely with governments and other stakeholders to enhance cyber resilience?
While there is plenty that organizations can do internally to enhance their cyber resilience, this ultimately also depends on the resilience of the business ecosystem. With the increased connectivity and dependencies of critical sectors and services, improving ecosystem cyber resilience requires collaborative action. The Centre for Cybersecurity, World Economic Forum strategic priorities include strengthening global cooperation between public and private stakeholders by fostering a collective response to key cybersecurity challenges and building cyber resilience across industry ecosystems by promoting and sharing best practices. The shared insights and lessons learned among public and private sectors can serve as a valuable complement to the checklist-based approaches that common cyber frameworks offer. Organizations need to collaborate to identify common points, develop more streamlined and dynamic approaches to third-party assurance, work on informing regulations and policies that are aligned and incentivize cybersecurity practices, and proactively address threats.
With the increasing complexity of cyberattacks, how is WEF improving its incident response capabilities? Are there specific technologies or strategies that have proven effective in containing and mitigating threats?
With the increasing complexity of cyberattacks, organizations need to better plan, prepare, collaborate and test, both across the internal organization ecosystem and also with the external ecosystem. Plans must be established that come into effect when incidents occur, building on a clear and consistent understanding of an organization’s core strategic, operational, financial and legal priorities, and thereby supporting an organization to safeguard these vital interests during the incident.