World Economic Forum on Cybersecurity in 2024 | Artificial Management System
CyberInsights #126 - The WEF's outlook on cybersecurity in 2024 | ISO 42001:2023 talks about a management system for artificial intelligence
A high level look at global cybersecurity
From ‘cyber inequality’ to skill shortage - the WEF assesses what the world thinks about cybersecurity in 2024
January is a month of predictions. In the beginning of 2023, I had written about the predictions for 2023 here:
Predictions range from banal truths to wishful astrology. This year, I had decided not to read any predictions. However, when the World Economic Forum comes up with the results of a survey called “Global Cybersecurity Outlook 2024”, it’s worth a read.
I did all the hard work, so that you don’t have to and have written a short summary that you can download as pdf above.
Here are the highlights:
Cyber Inequality continues to rise - Cyber inequality was a new term for me. It is very similar to the ‘rich get richer and the poor get poorer’ concept. Companies that have good cyber resilience keep getting better while those who do not have good cyber resilience keep getting worse.
Generative AI will cause more problems than solve - The use of Gen AI for attack is far easier than the use of Gen AI for defence. A few days back, I had conducted a webinar on the use of Gen AI in cybersecurity. It was easier to create adversarial prompts than defensive ones.
Skill shortage will continue to trouble - While skill shortage is a great leveller in the cybersecurity industry, surprisingly, it is the mid revenue organisations that fear being affected more than the smaller ones.
Cybersecurity and the business linkage - There is an interesting observation here. If the CEO can speak well publicly about cybersecurity, then the organisation has better cyber resilience. Otherwise the cyber resilience is questionable. In hindsight it is quite obvious - provides a good measure of how much of the organisation focuses on cybersecurity. This is how I see it:
Cyber ‘ecosystem’ and their risks - Call them third party risks, vendor risks, ecosystem risks or supply chain risks - all of them point to an attack vector that is one of the fastest growing cyber risks today.
Geopolitical tensions and cyber - While this risk does not affect corporates, the risks are huge and can affect an economy. Today, cyber is used to create:
Misinformation and disinformation
Deepfakes
Automated disinformation
Targeted advertising
Data privacy concerns
Algorithmic manipulation and social media
Take Action:
The WEF report is available here. [LINK]. Read it to understand what respondents are most worried about. Identify if there are anything that you need to do in your organisation around these concerns.
ISO 42001:2023 - An attempt to setup an Artificial Intelligence management system
It’s not just about AI security, but about managing AI in your ecosystem
You know it is important when the International Organisation for Standardisation, ISO, comes up with a management system around it.
The website [LINK] gives the benefits of the standard:
This is a new area and expect lots of action as it matures.
Take Action:
If your organisation has already implemented some form of management systems, especially using ISO standards as a base, and you use AI in some form, this is a standard worth evaluating and implementing.
Another good post, thanks for sharing your summary thoughts on the WEF survey. I think cybersecurity inequality is rightfully getting a lot more attention, and hopefully soon more action. In the critical infrastructure space this is especially critical. Small municipalities, small hydro and water treatment facilities, and similar entities are often not just understaffed, but have no cybersecurity staff at all, or maybe one person.