With the cost of cybercrime to the global economy estimated to rise to $500 billion dollars annually according to some experts, the issue of cyber security inevitably took centre stage at this year’s annual World Economic Forum in Davos.
This year’s event carried the theme of ‘Creating a Shared Future in a Fractured World’, with the organisation identifying cyber security as the third biggest global risk, just behind extreme weather events and natural disasters.
This would have been inconceivable just a matter of years ago perhaps, and illustrates how the rapid pace of change arising from our increasingly digital economy – alongside the growing industrialisation of the global cybercrime industry – has resulted in one of the most pervasive and pressing challenges facing businesses and wider society today.
Indeed, WEF’s Global Risks Report states that cyber breaches recorded by businesses have almost doubled in five years, from 68 per business in 2012 to 130 per business in 2017.
The agenda was packed with speaker slots, panel debates, breakfasts and dinners where international business leaders and cyber experts convened to debate some of the most critical cyber issues which urgently need to be addressed. These included: How can businesses effectively manage cyber risk? What’s the best way of addressing the chronic skills shortage? How can businesses and government’s boost preparedness for the next global cyber event? What are the risks and opportunities in using AI to mitigate against the threat?
Navigating these issues is far from easy. Cyber security is a complex beast, not least because of the dynamic nature of the evolving threat landscape which requires organisations to constantly review and evolve their cyber security strategy, policies and procedures just to keep up. Equipping staff with the necessary skills and awareness to help organisations boost their defences will also be an ongoing challenge.
Recognising the scale of the challenge, together with the fact that cybercrime is increasingly borderless in nature, the Forum itself has decided to intervene through the creation of a new Global Cyber Centre in Geneva. Here, governments, the international business community, cyber experts and law enforcement agencies will convene and collaborate to find solutions to these key questions.
The centre will host an independent library of best practices, skills and training resources, as well as planning for future cybersecurity scenarios and developing a regulatory framework for cyber security.
>See also: Policing cybercrime: a national threat
This development is very welcome and echoes BT Security’s own view that only through greater cross-border collaboration – through the exchange of threat intelligence information and sharing best practice – can businesses and governments collectively combat the actions of organised gangs of cybercriminals.
BT Security will be lending it’s own expertise to the Forum with advice around practical training and the essential skills needed for businesses to address the operational challenges posed by global cyber threats.
The often catastrophic impact of cybercrime – whether that’s the meltdown of the national grid, cancelled hospital appointments, hackers communicating with children via connected toys, or people’s bank accounts being raided – has naturally led to a culture of fear amongst business leaders and governments.
Cyber security is a world which is intrinsically secretive. No CEO wants to publicly lift the lid on the vulnerabilities which may have led to a major breach of their company’s defences, while others are cautious of sharing the technical details of their cyber defences for fear of that information falling into the hands of hackers.
In a world where everyone is vulnerable and no organisation can ever claim to be 100 per cent secure, this needs to change. And with the new GDPR rules coming into effect in May, organisations will indeed have to start thinking differently about their attitudes and approach towards cybercrime and the protection of personal data.
>See also: How can banks fight cybercrime?
Like WEF, BT believes that governments, businesses, ISPs and law enforcement agencies need to be more open, reach out and come together if we are to succeed in stemming the rising tide of digital crime. BT Security’s own cyber security research with KPMG concluded that in order to gain true leadership in cyber security and transform it from a threat into an opportunity, businesses must share intelligence, best practice and hard-won lessons amongst a network of trusted peers.
Such an approach will allow the entire industry to develop a collective shield against the constant onslaught of attacks; to give you a sense of the scale, BT identifies more than 240 billion cyber security alerts across its global network every month, while the direct threat to our organisation is growing at more than 100% per annum.
Some good progress is already being made with regards to greater public-private sector collaboration to tackle cybercrime head on. For example, BT is already proactively reach out to organisations impacted by breaking cyber events to offer our knowledge, expertise and support. It’s also an active member of the UK Government’s Cyber Security Information Sharing Partnership (CiSP), which collates, assesses and distributes threat intelligence from industry and government sources to its members.
The Government’s National Cyber Security Centre has reported a 43% increase in visits to the CiSP over the last year, which illustrates the value and importance of such a resource. And a few months ago we became the first telecommunications provider to partner with Interpol around a mutual data sharing agreement, through which our threat intelligence information will help Interpol in its efforts to identify and take action against cyber criminals.
>See also: How do you solve a problem like cybercrime?
It is of course vital that all participants involved in intelligence sharing partnerships actively input intelligence rather than just benefitting from the output. A reciprocal approach is needed and there is more work to be done in encouraging other organisations to come forward and play their part.
The time is ripe for companies – and ISPs in particular, as custodians of people’s data – to work more closely with Governments to help counter cybercrime.
Everyone bears responsibility for being part of the solution, but only though greater collaboration and consensus can businesses and governments hope to win the battle against the rapidly expanding cybercrime industry.
Sourced by Mark Hughes, CEO, BT Security