GLOBAL CYBERSECURITY FORUM

Why global cyber resilience depends on a

collaborative approach
To turn the tide on ever-intensifying cyber threats, policymakers
worldwide must embark on a new era of cooperation
Today’s interconnected Cyberspace brings convenience, swift
transactions and the opportunity to engage with friends, colleagues
and business partners in any part of the world without a second
thought. Yet the Cyberspace of the 2020s also sees ever-growing
risks from ransomware and other attacks on individuals, businesses
and government institutions. As these cyber threats emerge into broad
public view, calls are growing for a new approach centred on global
collaboration.
In the past, attempts to build effective defences have hit the barriers of
perceived national interest, security concerns and a reluctance to
share technology and innovation. But a trend towards a more
collaborative multinational and multistakeholder approach, founded on
cooperation and commitment, is beginning to gain momentum.

Finding consensus
What is now emerging among the world’s cybersecurity community is
a clearer sense of shared priorities and common goals. In 2023,
speakers at the Global Cybersecurity Forum (GCF) Annual Meeting, in
Riyadh, heralded a more robust international response and a
consensus on necessary actions. Priorities identified at the GCF
Annual Meeting included advancing resilience in key sectors,
especially critical national infrastructure, harnessing Cyberspace as an
engine for growth, and the empowerment of a safe, sustainable and
inclusive Cyberspace.
.

Paradoxically perhaps, it is the younger, more tech-savvy generation

that is potentially most at risk, says Dr Yuhyun Park, founder of the
DQ Institute, a think-tank dedicated to setting global standards for
cyber intelligence. “We have witnessed seven years of consistently
high, 70 per cent cyber-risk exposure rates among children and
adolescents between the ages of eight and 18. We now refer to this
phenomenon as a persistent cyber pandemic.” Global coordinated
action can no longer be delayed, argues Dr Park, and the response
should be “akin to addressing climate challenges.”
Research by the World Economic Forum finds that 91 per cent of
leaders in cybersecurity and business believe that a far-reaching,
catastrophic cyber event is likely in the near future. The escalating
threat has propelled international leaders, decision-makers and
experts to call for an urgent, unified response that safeguards global
Cyberspace by maximising its positive benefits and mitigating
potential risks.

There is also a growing recognition that policymaking and legislation

in the cybersecurity arena needs to accelerate. “Currently, policy lags
behind innovation every time,” says Michael Ruiz, Vice President of
Cyber Innovation at Honeywell. “We need to bridge the gap between
analogue laws and digital innovation. We are facing more and more
attacks, and the level of sophistication will increase with the ability of
AI to help bad actors.”

Enter the cyber diplomats

At government level, fostering deeper resilience worldwide means
training and deploying ambassadors-at-large and diplomats with a
specific cyber portfolio. As the interrelation between digital, law and
industries becomes more complex, development of a cadre of such
“cyber diplomats”– who will help to foster multilateral collaboration and
determine how to best leverage Cyberspace to ensure security and
future global prosperity – is increasingly crucial. Similarly, investment
in education programmes is imperative in order to address a growing
global skills gap in the cybersecurity sector.
Given that Cyberspace transcends borders, international gatherings of
policymakers, innovators and thought-leaders are integral to
establishing shared goals and pathways to ensure it acts as an
enabler of socio-economic development. The launch in June 2023 of
the Riyadh-based GCF Institute is another step in that direction. The
path ahead is clear: to focus on strengthening society’s resilience to
cyber challenges through shared priorities, purposeful dialogue and
effective initiatives that ensure the future of Cyberspace is inclusive
and the benefits are shared by people around the world.
https://www.ft.com/partnercontent/global-cybersecurity-forum/why-global-cyber-resilience-depends-
on-a-collaborative-approach.html
 Tech vs tech: a new era for digital
defence
In the face of ever more sophisticated threats, AI is becoming a
strategic imperative in the fast-evolving field of cyber security
What’s the cost of a security breach? Close to $4.5mn on average for
an individual breach, and rising. In 2022 alone, almost half a billion
people’s defences were compromised, and it’s getting worse. As
enterprises gear up for a cloud-first future, with workforces dispersed
across the globe, their exposure to cyber threats has broadened, and
adversaries have been able to cast a wider net of increasingly
sophisticated attacks to evade current security paradigms with ease.
For defenders, managing security has historically been a losing battle.
Every time a new threat exploits gaps in traditional defences,
businesses race to add another solution to an already-patchworked IT
environment. Such a fragmented and reactive strategy invariably
leaves organisations several steps behind those attacking them. But a
new wave of AI security platforms can tip the scales back in the
defender’s favour, enabling enterprises to anticipate and proactively
avert the risk of critical exploits.

Winning a cyber security battle with AI

“AI's role in cyber defence will increase dramatically in coming years,”
says VS Subrahmanian, Head of the Northwestern Security & AI Lab
(NSAIL) at Northwestern University, Illinois. Subrahmanian explains
that AI can distinguish between malware and benign apps, identify
malicious insiders within an organisation and predict which
vulnerabilities will be exploited in a real-world attack. “It can even
forecast how far into the future such an attack might happen – and
how severe it might be,” he says.
 AI will be a real-time, always-on
colleague
To IT security practitioners, AI will be no less than a real-time, always-
on colleague. It will automate many of the routine manual tasks in
cyber security and free up organisations’ human resources for high-
level functions. For example, AI can eliminate system
misconfigurations – which are responsible for 99 per cent of all
firewall breaches – as well as automate configurations, offering
insights to troubleshoot and optimise rulesets for each user. In other
words, an end-to-end AI security platform can significantly cut the time
companies take to recover from cyber incidents, potentially saving
millions in data breach costs.

Cyber security at a machine scale

To create an AI advantage against their adversaries, enterprises must
adopt a resilient telemetry strategy, says Jeetu Patel, Cisco's
Executive Vice President and General Manager of Security and
Collaboration. AI can detect patterns in large quantities of security
data and derive insights that alert analysts to anomalies and prevent
their systems from being breached. “You cannot handle security on a
human scale any more. Some of the attack surfaces are so wide, and
the sophistication of the bad actors is so high that you must address it
at a machine scale,” says Patel.
The result is that AI has spawned a digital “arms race”. Cyber security
has entered a new era of versatile malware, which means that
businesses must equip themselves with equally advanced AI
safeguards as a matter of urgency. Generative AI and similar methods
will allow threat actors to automatically shape attack plans that exploit
vulnerabilities in the network, create multimodal phishing messages
that are highly personalised for a specific organisation or individual
and generate malware that is fine-tuned to evade typical antivirus
solutions. “The only way forward for cyber security companies is to put
themselves in the shoes of the attackers right now,” says
Subrahmanian, “and to anticipate the types of attacks that AI is going
to enable in coming years – then proactively defend against such
attacks today.”

AI is no cyber security panacea. It is

vulnerable to leaks and hijacking
However, if the digital world is to be made secure, cyber security
teams must seek talented staff from varied backgrounds to reflect the
context and the communities affected – which could soon mean the
entire world’s population. By flattening the learning curve for someone
to participate in the security economy, AI will enable enterprises to
achieve a more inclusive digital defence and also help address the
shortage in cyber security talent. In its sidekick role, AI will understand
natural language, and allow security analysts to instruct it more easily
to execute complex commands – such as setting up access for a new
employee.

AI for security, security for AI

But AI is no cyber security panacea. It is itself vulnerable to leaks and
hijacking attacks. While deploying AI, enterprises will need platforms
that can adapt to the evolving regulatory landscape and protect the
integrity of their internal data. “You have to build practices for getting
products out of the door that actually follow a responsible set of
guidelines, which are ideally a superset of what is regulated,” says
Patel. “There are going to be certain things that an organisation might
be legally obliged to adhere to, and there are going to be certain
things that you, as a company, might do that are over and above. This
ensures that you gain trust from the community that will be using your
solutions.”
AI in cyber security will have the same game-changing impact that
assembly lines had on manufacturing and the internet had on tech. It
will be indispensable in protecting enterprises against AI attacks the
like of which nobody could have previously conceived. Soon there will
be only two kinds of companies: those with robust AI defences, and
those that will struggle to survive.
https://www.ft.com/partnercontent/cisco/tech-vs-tech-a-new-era-for-digital-defence.html