Jürgen Stock, the Secretary General of INTERPOL, Christopher Krebs, Director of the Cybersecurity and Infrastructure Security Agency of the United States Department of Homeland Security and Nikesh Arora, CEO and the Chairman of Palo Alto Networks gave expert insights into cybersecurity priorities and recommended actions for leaders in response to the new challenges presented by the global pandemic during an April 22 webinar organized by the World Economic Forum’s Centre for Cybersecurity.
Key points made during the session include:
Unprecedented economic and social dependence on digital infrastructure, including the radical shift to remote working, is fueling a rise in cybercriminal exploitation of new vulnerabilities, online scams and digital disinformation campaigns.
Palo Alto Networks says that its enterprise customers typically have 5% to 10% of their workforce working remotely. Now it is as much as 95% and since it happened so quickly this has expanded the risk vectors. Going forward there will be a bigger shift to working from home so rearchitecting of networks will be needed.
Cyber criminals know people are spending more time online for work and leisure during quarantine. As a result cyber incidents have risen by several hundred percent. These include ransomware attacks against hospitals, business emails being compromised and scams that exploit the needs for key supplies. INTERPOL believes these threats will only increase in terms of numbers and sophistication so bringing the public and private sectors together is more important than ever.
“The quicker we share information the quicker we can prevent replication of criminal behavior in different markets,” says Arora.
Training remote workers to be more aware of cyber security issues will be important but even more importantly corporates need to remove the ability of individual users to inflict damage by adopting integrated technical solutions that include more security controls that users can not see. Malicious emails, for example, could be automatically stopped in the Cloud before they arrive on users’ desktops or phones. The people charged with cybersecurity at big corporates are dealing with too many complex systems. Companies need to shift to more integrated systems instead of focusing uniquely on buying best- of-breed products.
Cloud services are becoming critical infrastructure in much the same way as telecom services but are not regulated in the same way. The question going forward is whether cloud services should be considered a utility. The Cloud is going to take on a bigger and bigger role in the acceleration of digitalization but it introduces vulnerabilities such as app security issues. Once the pandemic is over government will have to redefine what critical infrastructure resilience should look like.
There is a need to train the work force on cybersecurity post COVID-19. How can we scale that at a fast pace? Expertise is needed everywhere, including having law enforcement cooperate with the private sector on training. One idea is to shift training activities to a virtual platform and bring different actors together.
You can access more of The Innovator’s Key Takeaways here.