Tuesday , December 24 2024
cyber security outlook

World Economic Forum
Global Cybersecurity Outlook 2024: WEF report

The World Economic Forum’s Global Cybersecurity Outlook 2024, produced in collaboration with Accenture, examines the cybersecurity trends that will affect economies and societies in the year to come. The report illuminates major findings and puts a spotlight on the widening cyber inequity and the profound impact of emerging technologies.

The report showed that discussions on resilience during workshops emphasized the importance of operational technology (OT) security.

Splunk targets Bangladeshi market: Investing in local talent

Splunk, a unified security and observability platform turn its focuses on Bangladeshi market. On Monday (23 December) Splunk's local partner...
Read More
Splunk targets Bangladeshi market: Investing in local talent

Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

A major security flaw in Craft CMS, a popular PHP content management system, has been found, enabling unauthenticated remote code...
Read More
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future

Mastercard has completed its acquisition of Recorded Future, an AI-based threat intelligence provider. Mastercard has acquired the company for $2.65...
Read More
For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future

Eight New ICS Advisories released by CISA

CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in...
Read More
Eight New ICS Advisories released by CISA

Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI

Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure...
Read More
Authority Denies  Hacker claim ransomware attack on Indonesia’s state bank BRI

London-based company “Builder.ai” reportedly exposed 1.2 TB data

Cybersecurity researcher Jeremiah Fowler reported to Website Planet that he found a non-password-protected 1.2 TB dataset containing over 3 million...
Read More
London-based company “Builder.ai” reportedly exposed 1.2 TB data

(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall

Sophos has fixed three separate security vulnerabilities in Sophos Firewall.  The vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729 present major risks, such...
Read More
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)  Sophos resolved 3 critical vulnerabilities in Firewall

“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA

A time-demanding workshop on "Cybersecurity Awareness and Needs Analysis" was held on Thursday (December 19) at Bangladesh Bank Training Academy...
Read More
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA

CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability

Kaspersky's Global Emergency Response Team (GERT) found that attackers are exploiting a patched SQL injection vulnerability (CVE-2023-48788) in Fortinet FortiClient...
Read More
CVE-2023-48788  Kaspersky reveals active exploitation of Fortinet Vulnerability

U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports

The US government is considering banning a well-known brand of Chinese-made home internet routers TP-Link due to concerns that they...
Read More
U.S. Weighs Ban on Chinese-Made Router TP-Link:  WSJ reports

“Legacy systems were most pronounced in organizations with an operational technology (OT) footprint,” the WEF wrote in its Thursday report. “This issue becomes more apparent when looking at how responses differ between cyber and business leaders. Following on from the fact that the gap between cyber and business leaders is closing, the main conclusion of the GCO 2023 report, both groups said that resource or skills gaps were the highest barriers to cyber resilience (38% of business leaders and 32% of cyber leaders).”

Security leaders are mostly concerned about securing legacy technology (29%) and facing cultural resistance to change (25%). Business leaders, however, are less worried about these issues, with only 14% and 8% expressing concern, respectively. Both of these issues are related to resource and skills gaps.

The report emphasizes that security leaders believe the challenges they face can only be resolved if they have the right people and skills. However, business leaders find these challenges more manageable because they are not directly involved in day-to-day cyber resilience tasks.

Organizations are rapidly adopting new technologies like generative AI, but they are not updating their older systems at the same speed. As a result, they are increasing their technological footprint and adding risk. This can also make it harder for larger organizations to support and monitor smaller ones in their supply chain, which worsens inequalities.

The WEF report showed that some organizations are more cyber-resilient than others.t. “The number of organizations that maintain minimum viable cyber resilience is down 30%. While large organizations demonstrated remarkable gains in cyber resilience, SMEs showed a significant decline. More than twice as many SMEs as the largest organizations say they lack the cyber resilience to meet their critical operational requirements,” it added.

New technology will make existing cyber resilience challenges worse and widen the gap between highly capable and less capable organizations, according to the agency.“As organizations race to adopt new technologies, such as generative artificial intelligence (AI), a basic understanding is needed of the immediate, mid-term, and long-term implications of these technologies for their cyber-resilience posture.”

Fewer than 10% of respondents believe that generative AI will give an advantage to defenders over attackers in the next two years. Approximately half of executives are concerned about the impact of generative AI on cyber due to advances in adversarial capabilities such as phishing, malware, and deepfakes.

The report also focused on the cyber-skills and talent shortage that continues to widen at an alarming rate. Half of the smallest organizations by revenue say they either do not have or are unsure as to whether they have the skills they need to meet their cyber objectives. Only 15 percent of all organizations are optimistic that cyber skills and education will significantly improve in the next two years, while 52 percent of public organizations state that a lack of resources and skills is their biggest challenge when designing for cyber resilience.

These findings highlight the growing concerns surrounding the impact of new technology on cyber resilience. With the adoption of generative AI, organizations must be aware of the potential implications it has on their ability to defend against cyberattacks. Furthermore, the report emphasizes the alarming shortage of cyber-skills and talent, making it even more challenging for organizations to bolster their cyber resilience efforts.

WEF stated that the alignment between cyber and business is increasing. Organizations need to invest in and maintain essential security fundamentals. 29% of organizations reported being materially affected by a cyber incident in the past year. The biggest organizations consider transforming legacy technology and processes as the main barrier to cyber resilience.

93 percent of organizations that are leaders and innovators in cyber resilience trust their CEO to speak externally about their cyber risk. However, only 23 percent of organizations that are not cyber resilient have trust in their CEO’s ability to speak about their cyber risk.

WEF also found that cyber ecosystem risk is becoming more problematic. “For any organization, the partners in its ecosystem are both the greatest asset and the biggest hindrance to a secure, resilient, and trustworthy digital future. 41% of the organizations that suffered a material incident in the past 12 months say it was caused by a third party.”

54% of organizations don’t understand cyber vulnerabilities in their supply chain. 64% of executives, even if they believe their cyber resilience meets minimum requirements, still don’t understand their supply-chain cyber vulnerabilities. Additionally, 60% of executives think that cyber and privacy regulations decrease risk in their organization’s system, which is an increase of 21% since 2022.

In its conclusion, the WEF report said that ​​the struggle to maintain high-quality – or even adequate – cyber-resilience capability is fast becoming a zero-sum game.

“The ability to cultivate best practices, to compete for sufficient talent and, in some cases, simply to afford the right tools and services, is increasingly determining which organizations win and which lose out,” WEF identified in its report. “As a result, the organization’s most lacking can least accomplish it. A secure supply chain requires all organizations to meet minimum viability for a truly secure ecosystem, but the inequity that exists today makes it vulnerable. Yet it does not have to be this way and there are many reasons to be optimistic about the near future.”
Practical cybersecurity practices are gradually making a difference, but there is still a need for change in the current direction.

“Otherwise, as seen throughout 2023, early adoption of new technology by leading-edge organizations, the struggle by those on the underside of the curve to keep pace with foundational capabilities for trust and security, and fragmented incentives within digital ecosystems will accelerate digital disparity in the coming years,” the WEF wrote in its report. “Furthermore, the interconnection of the digital economy makes it inevitable that the negative effects will compound, affecting everyone. Therefore, everyone needs to work together to encourage sustainable capability for the future – including developing the right priorities and organizational culture while providing for equitable access to talent, technology, and security tools.”

The agency emphasized that the most important responsibility is to improve systemic resilience by addressing inequalities and strengthening connections between organizations.

The WEF recently published guidelines for ensuring cybersecurity in the OT environment as digitalization and the merging of OT and IT environments increases. This is essential for keeping industrial operations, global economies, and infrastructures running.

Check Also

Telecom Namibia

Over 4 lac files ‘leaked’: Telecom Namibia hit by major cyberattack

Telecom Namibia experienced a cyber incident that leaked customer data. The company is working with …

Leave a Reply

Your email address will not be published. Required fields are marked *