Issue link: https://maltatoday.uberflip.com/i/1479650
22.9.2022 11 COMMERCIAL United against cybercrime WITH the rise of the Industry 4.0 and e Fourth Industrial Revolution, as well as the unprecedented technolog- ical change that comes with it, global business has colossal opportunities in its hands. AI is allowing labour-intensive tasks to be performed with unprecedented speed and efficiency, and the con- nectivity that enables the Internet of Things (IoT) has allowed data gath- ering on customers and provides pre- viously unimaginable levels of insight into their behaviour. Yet, as the world becomes increas- ingly reliant on digital technologies, the threats it faces are becoming virtu- al as well as physical. In other words, crime is moving online. According to data from the World Economic Forum (WEF), attacks on IoT devices rose by 300% in 2021. Europol, the European Union's law enforcement agency, has warned busi- ness to be alert to the rise in cyberat- tacks during 2021, and the US Federal Bureau of Investigation (FBI) reported that during 2020, online confidence fraud costs US citizens more than $475m in losses. In late 2021, the WEF's Future Se- ries: Cybercrime 2025, a joint pro- gramme of work with the University of Oxford, found that unless drastic action is taken now, by 2025 next-gen- eration technology could potentially overwhelm the defences of the global security community. "We started working on cybersecu- rity in 2012, before the concept of In- dustry 4.0 had emerged," explains Jer- emy Jurgens, managing director of the WEF, who also oversees its Centre for Cybersecurity. "Back then, the risk was poorly un- derstood by most actors in business and government." "Now," continues Jurgens, "the risk is moving faster than policy frameworks can, so we wanted to address the sys- temic nature of the risk through an impartial global platform, which the WEF is well-placed to provide. Most initiatives are national or industry-fo- cused, but we can bridge the gap be- tween cybersecurity experts and pol- icymakers." The pandemic piles on the pressure It is no longer possible to rely on the fragmented approach to cyberse- curity that has emerged over recent years, in which companies and states organise their own response to digi- tal threats. With so much at stake in a world where our work, our wealth and our identity increasingly exist on- line, a much more proactive strategy is needed to keep up with cybercrim- inals. That's especially true over last year, with the spread of Covid-19. A problem, of course, is that working from home is often less secure than when you're safely behind the firewall at an office. Without the security of enterprise networks or virtual private networks (VPNs), people at home are more at risk from criminal individuals and institutions. According to the FBI, for instance, the onset of the pandem- ic brought a 300% increase in reported cybercrime. Leading cyber risk consultancy Kroll observed that in the first nine months of 2020, ransomware was the com- monly reported attack, accounting for more than one-third of all its incident response cases. Moreover, these attacks, according to Deloitte's Cyber Intelligence Cen- tre, are frequently using Covid-19 as the bait to lure corporate employees and private customers into handing over sensitive data or downloading malicious software. "From the conversations I have had in the past year, my impression is that people are less focused on cybersecu- rity now than they were previously, as they are too focused on the pandem- ic," Jurgens explains. "Cybercriminals have taken advantage of that." This vulnerability is placing a grow- ing burden on companies, govern- ments and individuals. Whether it's concern over the pandemic, vaccina- tion programmes or any other issues on the minds of businesses and their employees, malicious actors will take advantage of the potential opportuni- ty. "The awareness of risk always lags bhind," observes Jurgens. "Similarly, policy always lags behind what the technology experts can do. This is true in many areas of technological and scientific progress, and cyber- security is one of them. Technology is moving faster than businesses and policymakers can adapt. At the WEF, we are doing our best to address that." The WEF's analysis of the industry shows that collective global spending on cybersecurity has now reached $145bn a year, and is predicted to ex- ceed $1trn in the period 2017–21. Fur- thermore, the WEF projects growth in collective global cybersecurity spend- ing by 2030 is set to be $433bn per annum. Dollars alone, however, will not solve the cybersecurity problem. What mat- ters most is how that money is spent. To deliver effective results, those dol- lars must be invested in people and processes – as well as technology. A call for cooperation The WEF cannot advise on technol- ogy investments. That is not its man- date nor its field of expertise. What it can do, though, is bring together the right decision makers and technical experts to ensure that the billions spent on cybersecurity are directed at the real threats and yield the proper safeguards. "Complexity is increasing, interde- pendency is increasing, policy is in- creasingly fragmented and there is a large cyber skills gap," Jurgens says. "Within a company, the chief informa- tion officer (CIO) or chief data securi- ty officer (CDSO) might not even have access to the boardroom," he adds. "We can bring people together, which is very important. We can con- nect cybersecurity experts with deci- sion-makers and business executives to discuss their shared challenges." One key strand of its work is the partnership against cybercrime, which aims to drive momentum for a public-private partnership to combat cybercrime. To that end, it has created a dedi- cated community of leading law en- forcement agencies, international or- ganisations, cybersecurity companies, service and platform providers, global corporations, and leading not-for- profit alliances. Among them are the likes of Ama- zon, Cisco, Credit Suisse and Dell – as well as government organisations, including the European Commission, the FBI and Interpol. The aim of the partnership is to support the establishment of a global network of hubs for operational pub- lic-private cooperation, the idea being that it'd serve as the platform for in- teractions and the sharing of insight on a global and strategic level. One of its goals for 2021, for example, is the development of a shared threat-map- ping process to help identify new op- portunities for cooperation. "It is always about people in every domain," Jurgens argues. "Building awareness is very important and cy- bersecurity must be recognised as a leadership issue. The WEF provides a playbook for cybersecurity and it focuses, in part, on education for em- ployees on phishing attacks." One individual falling for a phishing attack could, for instance, reveal log- in details that would allow cybercrim- inals to use their identity to get behind the enterprise firewall. One click on a seemingly innocuous link in an email containing malware could install ma- licious code on enterprise systems, potentially stealing or encrypting sen- sitive data. "In our efforts, we are finding that countries and institutions recognise the need to work together," says Jur- gens. "We are working with all major countries to create a space where they can talk about the areas on which they can cooperate. When it comes to cybersecurity, it benefits all parties, whether states or businesses, to collaborate." Jurgens ac- cepts that cybercrime is not a problem that can ever be totally resolved. He recognises that it is an on-going bat- tle that requires constant vigilance, co-operation and foresight. "It will be a challenge for a very long time," Jurgens emphasises. "We can al- ways make it harder for criminals. We can implement things to make it more expensive and less attractive. We can encourage better cybersecurity hy- giene, we can focus on better pursuit of criminals for their actions, and we can make cybercrime less profitable. It is not about winning the war once and for all, but we can protect businesses, institutions and countries against the worst downsides."