The 54th Annual Meeting of the World Economic Forum (WEF) in Davos-Klosters, Switzerland hosted 3,000 participants from around the world, including heads of state and government ministers, business executives, and hundreds of civil society leaders, academics, youth representatives, social entrepreneurs, and news outlets.
The theme of this year’s meeting was “Rebuilding Trust” and focused on the fundamental principles driving trust, including transparency, consistency, and accountability.
Ann Cleaveland, CLTC Executive Director, was invited to participate in multiple events throughout the week. Below are some of the key highlights from her time in Davos.
Cybersecurity Futures 2030
Cleaveland’s first stop in Davos was to deliver a special presentation of “Cybersecurity Futures 2030” on the Betazone stage. In this session, Cleaveland shared some background about the scenario-planning project, on which CLTC has been collaborating with the World Economic Forum’s Centre for Cybersecurity to explore what cybersecurity will look like in the year 2030 — and what it means for today’s organizations.
Cleaveland’s presentation took the audience into a proverbial time machine to take a look at some of the different ways the future could evolve — and what decision-makers can do now to prevent the harms and amplify the opportunities of those plausible futures.
“Any number of geopolitical events could unfold in the coming years. And when they do, they will feel like a surprise unless you prepare for the future based on insights that are robust across scenarios.”
Ann Cleaveland
From conversations and workshops hosted around the world, Cybersecurity Futures 2030 identified three cross-cutting insights that CEOs and government leaders should have on their agendas as they prepare to navigate the next few years. Cleaveland explained that those insights relate to three T’s: trust, tempo, and talent.
Following her presentation, Cleaveland was joined by Ken Xie, Founder, Chairman of the Board and Chief Executive Officer at Fortinet, for an expanded dialogue about the three T’s, including Xie’s strategic insights for individuals and organizations to consider as we approach radical transformation across the digital security landscape over the next 3-5 years.
“You need a whole community of partners from education and academia, non-profits, and the business and government sides working together to raise awareness around the importance of cybersecurity. A lot of training and education needs to be brought to a lot more people to make sure we have a safe digital world.”
Ken Xie
Xie responded to Cleaveland’s three T’s by presenting three C’s: convergence, consolidation, and community.
“The internet of today is very different from the internet of 50 years ago. There are many more people and devices connected globally across millions of applications with different content,” Xie said. “Today’s internet protocol cannot handle different trust levels — that’s where network security comes in.” Xie proposed using convergence across different content, applications, users, devices, and locations to match the speed of trust with the speed of innovation by 2030.
Next, Cleaveland asked Xie to expand on the concept of tempo and how he thinks about managing risk as the digital attack surface grows. “Consolidation in the cybersecurity industry will be the solution to managing the increased risk,” Xie said. “You need to consolidate from the function level, device level, even from the company level in order to be more efficient, lower cost, and handle more cybersecurity risk.”
Finally, the pair discussed what is needed to transform the talent equation for cybersecurity and support smaller organizations — such as non-profits, small cities and municipalities, and other small critical infrastructure providers — in practicing the same cybersecurity services that larger enterprises can afford. Xie referenced Fortinet’s partnership with the WEF Centre for Cybersecurity to create a global cybersecurity certification and training program that has certified over 1M people as cybersecurity experts.
“We need a community effort to handle cybersecurity training — different vendors working together in partnership with people from the academia, non-profit, business, and government side to refresh the knowledge base and train a broader population of people on the importance of cybersecurity,” said Xie. “It’ll take a whole community together to bring this training up to speed.”
Cracking the Code
Cleaveland’s next stop was to moderate a panel as part of WEF’s Open Forum program, which invites members of the Swiss public and online viewers from around the world to participate.. The panel, titled “Cracking the Code,” focused on how organizational leaders can foster innovation and cooperation to ensure preparedness against increasingly sophisticated cyber threats caused by extensive collaboration among cybercriminal networks and their adoption of emerging technologies.
Cleaveland was joined by Michelle Zatlyn, Co-Founder, President and Chief Operating Officer at Cloudflare; Lauren Woodman, Chief Executive Officer at DataKind; Kathy Liu, joining as a member of WEF’s Global Shaper Community; and André Kudelski, Chairman of the Board and Chief Executive Officer at Kudelski Group.
The panelists discussed trends in cybercrime operation and innovation, how to out-think phishing and social engineering attacks, defending the social sector, and collaborative tools to help solve these problems.
“People and businesses are using the internet more than ever — and by a lot. If you look at cyberattacks, they’re also at an all-time high. Last year, traffic from APIs made up about 50% of all internet traffic…but only about a third of those APIs are protected. It’s become this new attack surface area we have to think about. I think we’re better prepared, but we do have to take it seriously since the data is against us.”
Michelle Zatlyn
“When I think of my generation, we’re a lonely generation that is very hyper-connected digitally, but not as connected relationship wise. That creates a vacuum for artificial intimacy to be weaponized by phishing attacks or disinformation, which look to your human fundamental trust and influence through those intimate relationships that they’re able to build with us. One way we can creatively outthink an attacker is to go back to our human core.”
Kathy Liu
Deconstructing the Ransomware Epidemic
Cleaveland’s final stop at the meeting was at a session organized by Fortinet as part of WEF’s Affiliate Program. Cleaveland was joined by fellow panelists Derek Manky, Chief Security Strategist and Global Vice President of Threat Intelligence at Fortinet; Tom Okmanas, Co-Founder of Nord Security; and moderated by J. Michael Daniel, President & CEO of Cyber Threat Alliance and Co-Chair of the World Economic Forum Global Future Council on the Future of Cybersecurity.
The panel offered insights into deconstructing the ransomware epidemic. As Daniel and Manky remarked, ransomware has evolved from a nuisance crime into a threat to national security, economic prosperity, and public health and safety. It still remains one of the top crimes on the internet, and double, triple, and even quadruple extortion are now common.
The panel explored the preparations needed from leaders now as new advancements and corresponding security challenges emerge at an unprecedented pace. Cleaveland pointed to insights from the Cybersecurity Futures 2030 project about the pace and scale of digitalization in emerging economies. “Leaders need to pay attention to how the attack surface is growing, as much as the capabilities of specific emerging technologies,” she said. “A ransomware attack can be existential for public infrastructure and community organizations, which are often the least equipped to defend themselves,” she added.