Since Fortinet was founded in 2000, we’ve always believed that cybersecurity is a force for good and that making the digital world a safe place for everyone is a critical responsibility. Conversely, cybercriminals continue to threaten our digital economy, using increasingly sophisticated and complex techniques. That’s why we have a longstanding commitment to working with global experts across business sectors, law enforcement agencies, governments, and international organizations to make the online world more trustworthy and secure.
Last month, I attended the World Economic Forum’s (WEF) Annual Meeting on Cybersecurity, which brought together nearly 140 cybersecurity leaders from more than 30 countries, representing over 95 global companies, international governments, organizations, academia, and nonprofits. The meeting comprised numerous discussion sessions focused on three major themes: building cyber resilience, strengthening global cooperation in the fight against cybercrime, and understanding future networks and technologies.
During those conversations, I saw additional distinct themes emerge—particularly around what senior leadership is most concerned about as we head into a new year. Below are my key takeaways from the WEF Annual Meeting on Cybersecurity pertaining to some of our industry's most pressing global challenges.
As cybercrime continues to converge with advanced persistent threat methods, cybercriminals are finding new ways to weaponize technologies at scale to enable more disruption and destruction. And these threats are becoming increasingly ubiquitous. From Ransomware-as-a-Service (RaaS) to new attacks on nontraditional targets like edge devices, the growing volume and variety of increasingly sophisticated cyber threats is a top concern among CIOs and CISOs.
There was discussion on how to anticipate, identify, and prioritize threats, especially as bad actors introduce more targeted attacks that, in many cases, pose a higher level of organizational risk. There is interest in creating a culture of cyber resilience—making cybersecurity everyone's job—by implementing ongoing initiatives such as organization-wide cyber education programs and more focused activities like tabletop exercises for executives. I also heard discussion about the need to prepare for the Web3 and quantum computing future now, embedding security at the start.
Additionally, the cybersecurity skills gap remains a top issue for security executives. According to a recent Fortinet survey, a staggering 80% of organizations experienced at least one breach during the last 12 months that they could attribute to a lack of cybersecurity skills or awareness.
Greater risks and overworked IT staff present more opportunities for cybercriminals to take advantage of expanded attack surfaces. And set against an always-evolving threat landscape, this talent shortage impacts more organizations each year and can leave them struggling to protect their assets. Finding creative approaches to filling the talent gap—such as tapping into new talent pools in an effort to recruit more women, minorities, and veterans, along with offering reskilling opportunities to those looking for a career change—are essential as bad actors continue to launch increasingly complex attacks at an unprecedented rate.
Another shared area of interest among leadership is effectively communicating cybersecurity risks to other stakeholders, particularly an organization’s board members. While most individuals on the board of directors aren’t cybersecurity experts, they do want to understand whether the enterprise is at risk, and what that risk can mean for the organization. Ideas were exchanged for articulating the right metrics to help board members visualize the organization’s cyber maturity, strategies for communicating how various risks can potentially impact an organization’s bottom line, and more.
As technological innovations continue to proliferate at an exponential pace, so do the capabilities of malicious actors who can boost one another by sharing information on new attack techniques and tools. To stay ahead of attackers, a shared sentiment throughout the WEF Annual Meeting on Cybersecurity echoed a similar sentiment: that public and private sector organizations must find more opportunities to collaborate and share intelligence about cybercrime.
Fortinet has spent years collaborating with partners on several important projects. As one of the founding members of WEF’s Centre for Cybersecurity and its Partnership Against Cybercrime (PAC), we’ve been working in partnership with a dynamic group of organizations across various industries and sectors to combat cybercrime worldwide.
PAC is focused on linking the digital expertise and data of the private sector with the public sector’s threat intelligence to disrupt cybercrime ecosystems. PAC partners believe that a global approach and a unified effort to eliminate communication barriers will make it easier to get beyond the obstacles that typically shield cybercriminals, ultimately helping us to disrupt and disbar their activities.
One such example of WEF’s PAC efforts was introduced last year—the Cybercrime ATLAS project. This initiative is dedicated to mapping cybercriminal ecosystems to better understand their blueprint and facilitate more knowledge sharing among the public and private sectors.
I’m excited to share that we’ve already made great progress with this initiative, which we discussed and continued to advance at the recent meeting. Our community of cybercrime investigators have contributed over 1,000 hours, analyzed 13 major cybercrime groups and their connections, and law enforcement agencies have welcomed the resulting preliminary insights. We'll continue to build this knowledge base through Cybercrime ATLAS, and are currently working to identify even more means to cooperate and share intelligence about cybercrime activity.
I was incredibly encouraged by the levels of engagement, optimism, and collaboration I witnessed during the recent WEF Annual Meeting on Cybersecurity meeting. The more opportunities the public and private sectors can identify for collaboration, the greater momentum we'll have in staying ahead of and disrupting cybercriminals.