World leaders at Davos have laid out bold plans for tackling cyber threats, from AI-driven risks to geopolitical tensions, highlighting the critical need for digital resilience.
Katie Drummond, the global editorial director of Wired Magazine, who led the cyber panel at Davos, pointed out from the offset, that the cyber landscape is becoming “increasingly complex” and that a lot of “disentanglement” needs to be done, especially as the growth of AI and more sophisticated infrastructure exacerbates inequity.
Drummond mentioned that AI is a “buzzy word” but that geopolitical issues need to be examined, not to mention supply chain logistics. Therefore the main themes of this talk were AI, geopolitical instability, supply chain vulnerability, and talent shortages.
In the World Economic Forum’s global security outlook report published last week, Drummond highlighted that the conversation is pressing, but the geopolitical and supply chain conversation may seem “less scintillating than AI.”
She asked Gobind Singh Deo, the Minister of Digital for Malaysia, about the evolution of geopolitical instability and what steps were being taken to foster digital trust and bolster cyber resilience.
Cyber threats stretch across boundaries
Singh Deo responded by stating, “We need to adapt to what’s new,” and emphasized that everyone must ensure that the devices they use are secure. He also mentioned the need to boost cybersecurity measures.
An interesting aspect of his outlook was that his government has worked to “redefine what cybersecurity experts are” and to “accredit cybersecurity levels.”
This points to a strategic take, where better-qualified experts are key to dealing with cyber threats. Essentially, it’s not important for an institution or government to build up an arsenal of thousands of cybersecurity experts, as many individuals out there are imposters. But that better quality and know-how is paramount.
Building trust was one of the main themes of his answer. He stated that Malaysia would do best to “put our house in order” and to “secure cybersecurity regionally and then globally.”
Nevertheless, he mentioned that “cyber threats stretch across boundaries,” hence the importance of a “back to basics” approach for companies and governments handling data breaches.
Spanish firms under siege
Oscar López, Minister of Digital Transformation and Civil Service of Spain, also took a regional stance. He highlighted that democracy was the enemy of many cyber attackers, saying, “Democracies are old enemies with new tools” and emphasized Spain passing an act two weeks ago regarding citizens' personal data rights.
By considering the layman with their cellphone, the Spanish government emphasizes investing in education for citizens to learn digital skills and to “know how to move,” likely referring to the changing times.
Lopez mentioned the three pillars in Spain that are collaborating effectively: the Ministry of Defence, Police – Internal Affairs, and the Institute of Cybersecurity.
López said that the Ministry received 80,000 calls last year alone from companies saying they were under cyberattack – around 220 a day – and emphasized that the private and public sectors must collaborate instead of viewing themselves as separate entities.
Host Drummond brought up the fact that these cybersecurity systems are “rubbing up against AI,” which is “the giant elephant in the room.”
She mentioned that in the WEF’s global security outlook report, 66% of organizations are concerned about AI against cybersecurity, and so she asked Hoda Al Khzaimi, Research Assistant Professor at New York University Abu Dhabi, how we can redefine cyber resilience.
“It only takes seconds to take down a system”
Al Khzaim, a research assistant professor at New York University Abu Dhabi, began by saying that the whole sphere is covered in “complexity rhetoric,” emphasizing that it’s not just about investment and infrastructure – it’s a race.
She pointed to the need for architects to build increasingly agile digital platforms, though legislation often takes time to draft.
Al Khzaimi cited the 2021 Colonial Pipeline ransomware attack, where hackers targeted the billing department and extorted 65 Bitcoin (or 4.4 million USD).
The pipeline was closed because the company didn’t know about its own infrastructural vulnerabilities. As Al Khzaimi put it, “It only takes seconds to take down a system, but years to draft an act.”
Regarding high-tech developments, she noted that AI and quantum computing exist in different zones, and geopolitically, only specific regions have access to sovereign infrastructure to develop hardware and software.
She mentioned the tricky aspect of AI development, where developers are placing technology in the hands of the public, creating mixed messages about its potential.
While AI can create beautiful art, for example, it can also exhibit bias, and these contradictions are confusing for the public.
Al Khzaimi also stressed that not everything related to AI has to be commercially driven. It must be developed and researched scientifically. While this is good for collective commercial progress, we also need to consider the risks to society.
The researcher described the world as “poetically fragmented,” appreciating the complexity of the digital tapestry. She also pointed out that governments are focused on building sovereign status, and regulators have “no control over the mindset of an attacker.”
Although a handful of global players control the money and onus, the threat “trickles down to multiple countries.” Al Khzaimi gave a credible example that billions of dollars could be lost in a solar attack as an infrastructure-related speculation.
Don’t trust anyone
Next, Drummond asked Jay Chaudhry, CEO of cloud security company Zscaler, whether traditional approaches are still effective in preventing cyber threats.
Chaudhry pointed out that some security systems are 30 years old. He made the analogy of having a castle with a moat, where the data center was the middle of the universe, and that model had previously worked, but not for much longer.
He went on to explain that hackers can disrupt firewalls and VPNs, so the first policy has to be “Don’t trust anyone,” more commonly known as “zero trust.”
Chaudhry used the analogy of a switchboard: “If you want something, come to me to access app A, B, or C. You can see meeting room A, then you’re escorted out.”
This analogy seemed reminiscent of an old-school system when you’d call a receptionist at a local government office and ask to be put through to a department.
He pointed out that “hackers have no inertia,” meaning they can move quickly and adapt. Chaudhry also said the most common hack is stealing credentials from a VPN system. Once the hacker has that, they’re effectively “inside the castle” and have access to high-value assets.
For example, in the energy industry, “access to gas for millions is wiped out” instantly. He emphasized that with traditional systems, each entity needs to do its job, and that “some regulation is good, overregulation is bad,” suggesting that government bureaucracy can often hinder more agile systems.
“No ego” when it comes to collaboration
Robert M. Lee, CEO and Co-founder of Dragos, a global leader in cybersecurity for industrial control systems, viewed the situation from a company perspective. He stated that attacks are quick and overwhelming. Employees are often shocked at their lack of knowledge about industrial facilities.
He mentioned that electric systems need a “sense of healing” for recovery time, presenting the perfect opportunity for cyberattackers.
Lee gave the example of an operator controlling water chemicals. Should an adversary attack this structure, the infrastructure would be non-resilient. Many employees, and even directors, “truly don’t understand their companies and only care about profit share.”
He pointed out that many companies have been living in a “family world for decades.” When something goes wrong, there’s no one to go to – can’t go to “grandpa.”
From a financial perspective, Lee stressed that if a company doesn’t invest in cybersecurity, they’ve already missed the boat.
There could be three reasons why something went wrong: maintenance, cybersecurity, or a contractor’s mistake, and the issue is compounded by the fact that “data is transient – it’s gone.”
Lee gave the menacing example of targeting water systems and contaminating the water. He passionately exclaimed, “Go and rob the bank! No offense, but don’t take down the water facilities!”
Returning to employees, Lee said they generally have “no idea what’s not being done currently and no visibility of what’s going on inside their plant.” He observed that many companies are trying and failing.
On a bigger scale, Lee emphasized the importance of harmonizing regulation, contrasting Singapore with the US. He noted that Singapore has “no ego” when it comes to collaboration.
How can we have a more equitable future?
Al Khzaimi responded that governments should allow sovereign spaces – indigenous – to create their own cybersecurity assets, noting that structures of monopolies can’t tackle niche ideas.
She pointed to the geopolitical question of how access to individuals’ data is limited and stressed that we are building for a segregated world and must be very careful not to see the rest of the world as a deployment playground.
López then weighed in, stating that only the US, China, EU, and India can influence the destiny of the world. He provocatively asked, “Imagine if Palo Alto was not in California but in Afghanistan. What would the Taliban do?”
He shared that they’re testing toys in the national cybersecurity center in Spain. These toys, which use chips to connect to WiFi, can be breached, allowing attackers into personal homes to gather details – a huge challenge with so many variables.
Chaudhry added, “Security can be complex, but it doesn’t need to be.” He recommended building a four-foot fence instead of talking about a twenty-foot one. He stressed that the biggest thing is knowledge – not just about money – and that structures need to be built to act quickly.
He pointed out that the problem in emerging markets is simply a lack of knowledge. “Governments shouldn’t be telling companies what to do; they should learn from them.”
Drummond offered the suggestion to start in your own backyard. Singh Deo concluded with a “back to basics” perspective, advising industries to ask themselves, “What do you need?”
Your email address will not be published. Required fields are markedmarked