Microsoft and Fortinet are among the technology companies supporting the official start of an effort to map cybercriminal activities and identify joint public and private sector responses to cyber threats.
Work on the Cybercrime Atlas will be hosted by the World Economic Forum for the next two-to-three years, it was announced today. The two tech companies, plus PayPal and Banco Santander, will help pay for the secretariat backing the Atlas until it is sufficiently established to become an independent platform.
The announcement was made at the forum’s annual meeting in Switzerland.
The goal is to provide a platform for leading cybercrime investigators, national and international law enforcement agencies, and global businesses to share knowledge, generate policy recommendations, and identify opportunities for co-ordinated action to fight cyber threats.
First announced at the RSA Conference in San Francisco in June 2022, work on the Cybercrime Atlas has started with the analysis of 13 criminal groups by cybercrime investigators, the forum said in its statement.
“Cybercriminals work in the shadows and exploit vulnerabilities to inflict devastating attacks,” Microsoft vice-chair and president, Brad Smith, said in a statement. “The Cybercrime Atlas provides an important forum that brings the public and private sectors together to share actionable information and leverage cross-sector data, capabilities and expertise, crucial to disrupting cybercrime quickly, and at scale.”
Separately, the forum issued its annual global cybersecurity outlook, saying its research shows business leaders are more aware of their organizations’ cyber issues than they were a year ago. “Nonetheless,” the report added, “cyber leaders still struggle to clearly articulate the risk that cyber issues pose to their organizations in a language that their business counterparts fully understand and can act upon. As a result, agreeing on how best to address cyber risk remains a challenge for organizational leaders.”
Among the survey findings:
— business and cyber leaders believe global geopolitical instability is moderately or very
likely to lead to a catastrophic cyber event in the next two years;
— the character of cyber threats has changed. Respondents now believe that cyber attackers are more likely to focus on business disruption and reputational damage. These are the top two concerns among respondents;
— 43 per cent of business leaders think it is likely that, in the next two years, a cyberattack will materially affect their organization;
— the data protection and cybersecurity concerns created by geopolitical fragmentation are
increasingly influencing how businesses operate and the countries in which they invest;
— lack of skilled cyber experts is a threat to businesses and societies, with key sectors such as energy utilities reporting a 25 per cent gap in critical skills. A broad solution to increase the supply of cyber professionals is to expand and promote inclusion and diversity efforts, the report says. In addition, understanding the broad spectrum of skills needed today can help organizations to expand their hiring pools;
— cyber executives are now more likely to see data privacy laws and cybersecurity regulations as effective tools for reducing cyber risks across a sector. This is a notable shift in perception from the 2022 Outlook report, say the authors.
Cyber and business leaders still have a great deal of work to do to truly understand each other, articulate the risk cyber issues pose to their business and translate that into
meaningful management and mitigation measures, the report warns.
“As the cyber landscape promises to become more complex in the coming years, it is critical that organizations work to resolve this now if they are to build systemic cyber resilience for the long term.”
The report’s conclusions resulted from analysis of data from many sources: a survey of global organizational leaders; a workshop with the World Economic Forum’s Cybersecurity Leadership Community and Global Future Council on Cybersecurity in October 2022, as well as workshops conducted during the World Economic Forum’s Annual Meeting on Cybersecurity in November 2022; interviews with experts and bilateral meetings; the collection of data from reports, research and articles published by the World Economic Forum and reputable third parties; and consultations with 151 global organizational leaders.
