• The growing interdependence of digital systems is being exploited by cybercriminals.

• Ransomware is a particularly flourishing sphere of cybercrime.

• A collective response from society, governments and private organizations is needed.

In less than a decade, cybersecurity threats have emerged as a systemic risk for the global economy’s digital transformation journey. Emerging technologies that boost this digital economy – such as cloud, AI and quantum computing – are increasing the complexity of the technology landscape and accelerating the interconnectivity and interdependence of public and private ecosystems.

The exponential growth in the frequency and sophistication of cyberattacks is facilitated by this complex supply-chain ecosystem. The same technological drivers that are lifting the economy have also created a perfect environment for cybercriminals. Coordinated groups operate unchallenged in these new environments, with virtually unlimited funds at their disposal.

The most significant example of the systemic nature of cybersecurity risk is ransomware. Ransomware is a flourishing criminal industry, risking both the personal and financial security of individuals. The recent attack on a Colonial Pipeline in the US has made the real-world impact of ransomware on everyday lives all too clear. Globalized, interconnected economies act as a catalyst that multiplies the risk, as proven by recent incidents.

Ransomware has become a top threat to international security and a global challenge requiring a coordinated response. As institutions across sectors increasingly become targets, a single attack can rapidly spread across borders, much like the 2017 WannaCry ransomware attack that affected 150 countries. It is expected that the impact of such an attack in 2021 could be even more severe leading to vast losses, devastating blows to critical infrastructure, and the generation of further funding for illegal activities.

Managing systemic cybersecurity risk is already a major challenge for which individual action is not enough. In order to tackle the vulnerability of the ecosystem, a fundamental shift towards a collective response is needed from society, government and organizations. Only through such a coordinated approach can we hope to turn the tide of these attacks.

Firstly, the community needs to raise the cost of committing cybercrime to deter the actions of threat actors. An international coalition of law enforcement and governments is needed to disrupt the activities of ransomware operators. Businesses have a key role to play and must support law enforcement agencies in their efforts to bring more criminals to justice. Only three in 1,000 cybercriminals are currently prosecuted, according to US-based think tank Third Way. Industry can play a key role in helping authorities to identify targets for disruption – from criminals to infrastructure, to enabling criminal services and financers. Ransomware operators are able to play the system by moving their operations to jurisdictions with lenient or lax legislation on cybercrime. In the future, international data-sharing regulations must support collaboration across global borders, instead of hindering the fight.

Secondly, a global network for information-sharing on ransomware is required. Joint analysis and quickly sharing findings on new and emerging threats can ensure that security controls are intelligence-led and applied collectively to stop ransomware in its tracks. Each ransomware variant poses a different threat, so our response must be constantly evolving, powered by information-sharing that enables a real-time response.

Moreover, collaboration should not be limited to information-sharing. Threat-specific public/private collaboration cells, as were recommended in the World Economic Forum Partnership against Cybercrime report, are needed to support the concrete disruption of threats. By harnessing the capabilities of both the private and public sectors, such focused threat cells provide a mechanism with which to raise the cost and risk of perpetrating cyberattacks.

Intervention earlier in the ransomware chain of events is recommended
Intervention earlier in the ransomware chain of events is recommended
Image: World Economic Forum/Accenture

Fourthly, to respond to ransomware attacks more effectively, there is a global need for assuring the integrity and resilience of the interconnected business supply chain. This calls for a standardizing of certifications, enabling customers to have a holistic view of their suppliers’ security posture. In addition, an early warning system must be established across the supply chain, based upon a clear mapping of how organizations interconnect and agreed protocols for cooperation. Key stakeholders must work together to develop better defences and share best practices for preventing ransomware attacks. As proven in recent months, the supply chain is only as strong as its weakest link.

It is in the interests of society to disrupt the ransomware business model and to decrease its profits. The explosion of ransomware as a lucrative criminal enterprise has been closely tied to the rise of cryptocurrencies, which allow for anonymity and transactional opacity. Governments should require cryptocurrency exchanges, crypto kiosks and over-the-counter (OTC) trading “desks” to comply with existing laws, including know your customer (KYC), anti-money laundering (AML), and combatting financing of terrorism (CFT) laws.

Finally, collective readiness is essential. With ransomware attacks increasing in frequency and impact across the supply chain, more mature organizations have a chance to support those with fewer resources or capacity. Small and medium-sized enterprises can be especially impacted by cyberattacks and would benefit from the support of major public and private sector organizations. Public and private sectors must work together to develop practical operational capabilities such as nationwide and cross-sector tabletop exercises. Protocols to respond together, and communicate effectively when a ransomware strikes, are essential.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

In short, emerging technology is shifting the response paradigm: a global response is required for a global, systemic risk. It is essential that both business and governments anticipate and incentivize collaboration and accountability through strong public-private efforts, which will raise the cost and the risk of committing cybercrime. For the private sector, this starts by building and enhancing our information-sharing relationships, within industry and with the public sector, to deliver a more holistic approach to incident response, threat management and disruption. By joining forces, and creating concrete channels for information-sharing and tactical collaboration, we can make a decisive shift in the fight against cybercrime.