Open Forum: Cracking the Code

18 Jan 2024 09:30h - 10:30h

Event report

According to the World Economic Forum’s Global Cybersecurity Outlook 2023, 43% of organizational leaders think it is likely that a cyberattack will materially affect their organization in the next two years.

How can we foster innovation and cooperation to ensure preparedness against increasingly sophisticated cyber threats caused by extensive collaboration among cybercriminal networks and their adoption of emerging technologies?

More info: WEF 2024.

Table of contents

Disclaimer: This is not an official record of the WEF session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed. The official record of the session can be found on the WEF YouTube channel.

Full session report

Michelle Zatlyn

The integration of the internet into daily life is rapidly increasing, making cybersecurity a crucial concern for individuals and businesses alike. This is due to the fact that cybersecurity was never embedded in the internet from the beginning, making it critical now as the integration grows. The importance of cybersecurity is emphasized by the fact that internet usage has spiked during the COVID-19 pandemic and has remained high. Unfortunately, this has led to a significant rise in cyberattacks, with cyberattacks growing about 30% last year compared to the previous year.

Cybersecurity issues are global in nature and require collaboration to solve. It is acknowledged that solving cybersecurity problems necessitates working with smart individuals from various backgrounds. Working in the field of cybersecurity can therefore provide an opportunity to contribute to solving globally important problems.

Michelle Zatlyn, co-founder of Cloudflare, originally planned to pursue a medical career but later discovered her passion for technology and cybersecurity. She views cybersecurity as a means to help people on a large scale. Through her training in science and her love for technology, she recognizes the potential for technology to make a global impact in helping people. She believes that the internet should be a place for free speech, and Cloudflare works to ensure that voices, even if controversial, are not silenced.

Furthermore, the significance of APIs (Application Programming Interfaces) in internet traffic is highlighted. API traffic now makes up about 57% of all internet traffic, a significant increase from five years ago when it constituted less than 10%. However, only about a third of online services used through APIs are protected, indicating that there is a pressing need for better cybersecurity tools and measures.

Cloudflare, as a company, plays a role in addressing cybersecurity concerns. It offers free basic cybersecurity protection to non-profit organizations, small business owners, students, and others, enabling them to maintain some level of cybersecurity protection online. Additionally, Cloudflare’s Project Galileo initiative provides support to at-risk public interest sites that may become targets due to the controversial nature of their work. This includes sites that report on human rights abuses, LGBTQ rights, and reproductive rights.

The increasing use of artificial intelligence (AI) in cyberattacks is identified as a growing concern. Organizations are worried about AI being used to launch more cyberattacks. However, it is also recognized that AI can be utilized to build better services for protection. Commercial vendors, such as Cloudflare, are using AI to collect data about attackers and develop more efficient cybersecurity measures.

Raising awareness and literacy about AI and cybersecurity topics is deemed important. The conversation surrounding AI is growing, and it is not just limited to business leaders but also extends to societal discussions. It is essential to educate individuals about the risks and benefits associated with AI and to foster understanding in the wider population.

In terms of business operations, Michelle Zatlyn emphasizes the importance of considering social aspects and the physical world, particularly for startups. She believes that successful businesses need to focus on people and kindness, aiming to bring people back together and create a positive impact in society. Additionally, the accessibility and ease of use of cybersecurity services are crucial for wider adoption. Cloudflare has made efforts to simplify its services, with a quick and straightforward sign-up process. Minimizing language, time, and friction in the cybersecurity workflow is essential to encourage more users to utilize secure systems.

Ultimately, the secret to success in cybersecurity entrepreneurship lies in delivering value to the user. Building something that is not used or does not solve a problem will have no impact and is unlikely to last in the business world. Companies like Apple serve as examples of combining security and user experience effectively in their products.

In conclusion, the rapid integration of the internet into daily life highlights the critical importance of cybersecurity for individuals and businesses. It is a global issue that requires collaboration and smart solutions. Through the efforts of individuals like Michelle Zatlyn and companies like Cloudflare, progress is being made in protecting online voices, supporting at-risk sites, and raising awareness about cybersecurity. However, there is still much work to be done in developing better tools and measures, promoting AI for positive purposes, and educating the public about AI and cybersecurity topics. Overall, the focus should be on delivering value to users and ensuring the accessibility and ease of use of cybersecurity services.

Andre Kudelski

In this analysis, the speakers discussed several key points. Andre Kudelski, who studied physics at EPFL, has a background in graphical cards and chip design. He has been instrumental in developing technology that is now widely used in AI, demonstrating his ability to identify trends before they become popular.

Kudelski emphasizes the importance of thinking outside the box when it comes to securing digital assets. He believes in wearing the shoes of the “bad guy” to model a different and more effective approach. His innovative thinking is evident in his early focus on securing elements such as video content, even before it gained mainstream attention in the 80s.

On the other hand, cybercriminals operate in an organized, professional, and business-oriented manner. They target weaker systems as they seek the quickest and easiest return on their investment. Hackers, on the other hand, utilize artificial intelligence to create personalized and scalable attacks. By understanding a system’s behavior beyond its definition, they can predict how it may react in unknown scenarios.

Hackers are often well-funded, accessing experts for their specific needs, which makes their attacks potentially more harmful. This emphasizes the need for strong defenses to protect against their activities.

It is important not to underestimate any attack, no matter how small it may seem. Even seemingly insignificant attacks can serve as a starting point for larger and more harmful ones. Thus, vigilance is crucial in addressing potential threats.

Non-profit actions, such as exposing corruption or narcotrafficking through journalism, can disrupt individuals or groups with malicious intent. This highlights the risks faced by those who seek to uncover wrongdoing.

The overuse of credentials poses a risk, increasing the probability of falling victim to phishing attacks. User-friendly and intuitive cybersecurity measures can enhance effectiveness and reduce human error.

The concept of “invisible” security emphasizes that the best security is one that goes unnoticed. This proactive approach aims to prevent threats from arising rather than relying solely on reactive measures.

The speakers stress the importance of considering future risks, especially for digital natives with vast amounts of information. Long-term security in information storage methods is crucial as current measures may be inadequate in protecting sensitive data.

Quantum technology represents a revolution in the encryption paradigm. It has the potential to render current encryption methods obsolete, jeopardizing archived personal information. Staying ahead of technological advancements is vital for data security.

Regarding ransomware, Andre Kudelski disagrees with insurance companies covering ransom payments. He suggests that insurance companies focus on covering damages and investigating the culprits involved. This approach can deter ransomware and provide better support to affected individuals and businesses.

Combining artificial intelligence with an understanding of hacker behavior is a powerful tool in developing cost-effective cybersecurity solutions. Gaining insights from hackers’ techniques can enhance defenders’ capabilities.

Minimizing the consequences of a security breach requires a comprehensive business approach, considering more than just technology or social strategies. By preparing for weak links in the process, organizations can mitigate the impact of potential breaches.

Overall, this analysis provides an extensive overview of various aspects of cybersecurity. It emphasizes the importance of proactive and robust security measures, adapting to emerging technologies, and continuously improving security practices.

Kathy Liu

In the analysis, several key points emerged regarding cybersecurity. Kathy Liu’s interest in cybersecurity was sparked by elective courses she took in grad school, despite not having a background in the field. This highlights the idea that there isn’t only one predefined path to enter the cybersecurity industry. It is a field that can attract individuals from diverse educational backgrounds.

The importance of cybersecurity as a public good accessible to all was emphasized. It was argued that cybersecurity should be seen as a fundamental aspect of society, impacting individuals, businesses, and governments alike. To increase accessibility, it was suggested to connect cybersecurity to causes that youth care about, such as climate change or healthcare. This can generate interest and engagement among tech-savvy but not yet cyber-savvy younger generations.

The need for diversity in the cybersecurity workforce was also highlighted. Diverse perspectives are important to challenge assumptions, find blind spots, and adapt to diverse forms of cyber attacks. The Inclusive Cyber Project was mentioned as an initiative dedicated to bringing diverse voices into the field.

Artificial intelligence (AI) was discussed as a potential tool for both attackers and defenders in cybersecurity. While AI may enable more realistic phishing attacks, reestablishing human core in communication can act as a defense. Recognizing patterns in communication can help recognise phishing attempts and protect against them.

Finding the right balance between cybersecurity and user experience is crucial. It was acknowledged that some frictions are necessary for cybersecurity, but unnecessary ones should be eliminated to improve user experience.

The impact of AI in cybersecurity was explored further. AI can automate tasks and free up human resources for mission-critical aspects. However, AI may also benefit attackers and give them an advantage in asymmetric cyber warfare.

Building resilience in cybersecurity is important. Having backups and resilience architecture can help organizations work through layers of defense, especially against ransomware attacks.

The use of art to communicate cybersecurity messages in a positive and engaging way was proposed. Similar to how installations at Davos communicate messages about climate change, art installations can help raise awareness and understanding of cybersecurity.

Lastly, cybersecurity was seen as an interdisciplinary field across organizations, rather than confined to a specific department. Everyone should have a basic understanding of cybersecurity vocabulary and foundations to create a strong cybersecurity culture within organizations.

In summary, the analysis highlighted the diverse paths into the cybersecurity field, the importance of accessibility and diversity, the role of AI, the need for resilience, and the potential of art in communication. These insights provide valuable considerations for policymakers, educators, and cybersecurity professionals aiming to enhance cybersecurity practices and raise awareness about its significance.

Lauren Woodman

In this collection of arguments and stances, the importance of cybersecurity in humanitarian and social impact organizations is highlighted. These organizations need to secure not only their own assets but also the sensitive data of the vulnerable communities they serve. Lauren Woodman, an expert in the field, emphasises the need for cybersecurity in such organizations, drawing from her experience in transitioning from a focus on encryption to cybersecurity in humanitarian and social impact work.

The argument is made that the nonprofit sector lags behind in terms of technology and must address this issue. Nonprofits, often lacking resources compared to private sector organizations and governments, rely on commercial products that are susceptible to cyberattacks. With their data shared across networks, nonprofits are attractive targets for ransomware attacks. It is crucial for the nonprofit sector to prioritise cybersecurity and actively address cybersecurity risks.

Another concerning aspect highlighted is the potential disruption caused by cyberattacks on organizations delivering humanitarian aid. Organizations rely on mapping software to avoid conflict zones, and any disruption can divert aid. Instances have occurred where people attempt to offload and sell aid on the black market for profit. This highlights the need for robust cybersecurity measures to ensure aid reaches its intended recipients and is not misused.

Civil society is identified as being poorly positioned to effectively respond to cyber attack risks. Cybersecurity threats pose a risk to free speech, justice, and vulnerable populations, and civil society struggles to navigate these challenges.

The growing use of artificial intelligence (AI) in launching cyber attacks is viewed as a factor that will make cybersecurity more complex. The presence of AI technology in cyber attacks adds a new layer of challenge for organizations defending against such threats.

The importance of thorough due diligence and the utilization of security expertise in combating increasing cybersecurity threats is emphasised. Nonprofits rely on products created in other industries for their cybersecurity needs, and as such, due diligence needs to be comprehensive to counteract the rising threat landscape.

Moreover, the need to incorporate cybersecurity education in school curricula is stressed. It is noted that even digital natives are not necessarily cybersecurity-savvy. Woodman herself has personal experience with her children being exposed to cybersecurity issues during online schooling. The inclusion of cybersecurity education aims to empower students to navigate the digital world safely and securely.

Overall, it is concluded that cybersecurity is an essential aspect that must be prioritised in humanitarian and social impact organizations. The nonprofit sector needs to address its technological lag and actively engage in cybersecurity measures. Furthermore, the potential disruptions caused by cyberattacks on organizations delivering humanitarian aid highlight the need for robust cybersecurity measures. Civil society faces challenges in effectively responding to cyber attack risks, and the use of AI in cyber attacks adds further complexity to the cybersecurity landscape. Thorough due diligence and the utilization of security expertise are crucial in combating increasing cybersecurity threats. Incorporating cybersecurity education in school curricula is vital to equip students with the necessary skills to navigate the digital world securely. Multilayered, community-wide efforts are encouraged to raise cybersecurity awareness and foster a safer online environment.

Audience

The discussions at the Davos conference centred around the rapidly changing threat landscape brought about by emerging technologies such as AI and quantum computing. There is growing concern that organisations may not be correctly adopting these technologies, which could lead to potential security vulnerabilities. One audience member raised a question about what organisations might be getting wrong in their adoption of these technologies.

It was argued that organisations need to adopt emerging technologies in a safer manner. The audience member inquired about how organisations could improve their adoption of these technologies for a safer outcome. This suggests that there is a recognition of the importance of addressing potential security risks associated with the adoption of emerging technologies.

Furthermore, it was revealed that there is a significant delay in outsourcing penetration testing projects. This delay can have serious implications, as vulnerabilities could persist for an extended period, increasing the risk of potential cyber attacks. In some cases, the collapse of an entire business could be attributed to such vulnerabilities.

Social engineering was identified as a major vulnerability in cybersecurity. It was highlighted that the largest and most impactful hacks often involve social engineering techniques. For instance, the Stuxnet hack was made possible through the use of a USB found in a car park. This underscores the need for cybersecurity packages to encompass and address social engineering vulnerabilities.

Notably, it was suggested that thoughtful product design can play a crucial role in mitigating social engineering attacks. By taking into account user behaviours and tendencies, product designers can create more secure systems. This acknowledges that end-users’ behaviours should be considered when designing cybersecurity measures.

Overall, the discussions at Davos highlighted the need for organisations to carefully adopt emerging technologies, address potential security vulnerabilities, and consider the role of social engineering in cybersecurity. Thoughtful product design and an understanding of user behaviours were also emphasised as important factors in creating more secure systems. These insights contribute to a broader understanding of the challenges and opportunities in the evolving landscape of cybersecurity.

Anne Cleveland

In a recent event, Anne Cleveland encouraged individuals who are interested in a career in cybersecurity to reach out and join the field. This highlights the growing demand for professionals in the cybersecurity industry. It is considered a positive development as it can provide opportunities for individuals to contribute to the field and address the challenges posed by cyber threats.

During the event, it was revealed that around 50% of the audience had experienced being the target of a cyber attack. This alarming statistic showcases the prevalence of cyber attacks and emphasizes the need for robust cybersecurity measures. Furthermore, when asked if they knew someone who had been targeted, every person in the audience raised their hands. This indicates the significant impact of cyber attacks, not only on individuals but also on their social networks.

Another notable point discussed during the event was the susceptibility of individuals in the younger generation and the elderly population to cyber attacks in relation to loneliness and artificial intimacy. This vulnerability highlights the need for targeted cybersecurity solutions that address the unique challenges faced by different age groups. It suggests that cyber criminals may exploit individuals seeking companionship or connection online, placing them at risk of various forms of cybercrime.

Moreover, it was highlighted that small organisations, including non-profits and social enterprises, face similar risks of cybercrime as larger organisations. This demonstrates that the scale of an organisation does not safeguard it from cyber threats. It underscores the importance of implementing effective cybersecurity measures regardless of the size of the organisation. Furthermore, it suggests the need for tailored solutions for the social sector to ensure the protection of valuable data and sensitive information.

In conclusion, Anne Cleveland’s encouragement to join the field of cybersecurity reflects the growing demand for professionals in the industry. The high prevalence of cyber attacks demonstrated by the audience’s experiences and connections underscores the need for robust cybersecurity measures. The susceptibility of individuals in the younger and older age groups to cyber attacks, especially in the context of loneliness and artificial intimacy, highlights the need for targeted solutions. Lastly, small organisations in the social sector must prioritize cybersecurity to mitigate the risks they face. Overall, the event emphasized the ongoing importance of cybersecurity in addressing the challenges posed by cyber threats and protecting individuals, organisations, and society as a whole.

AK

Andre Kudelski

Speech speed

140 words per minute

Speech length

1838 words

Speech time

788 secs

AC

Anne Cleveland

Speech speed

158 words per minute

Speech length

1763 words

Speech time

669 secs

A

Audience

Speech speed

189 words per minute

Speech length

665 words

Speech time

211 secs

KL

Kathy Liu

Speech speed

174 words per minute

Speech length

1852 words

Speech time

637 secs

LW

Lauren Woodman

Speech speed

179 words per minute

Speech length

1379 words

Speech time

462 secs

MZ

Michelle Zatlyn

Speech speed

217 words per minute

Speech length

2468 words

Speech time

683 secs