• As more people connect over virtual environments, cyber security remains at the forefront for many businesses.
  • Companies have been warned to prepare for the worst as part of their cybersecurity strategy.
  • More than half of companies plan to increase their cyber security budgets.

The COVID-19 pandemic has accelerated technological adoption but has simultaneously exposed cyber security vulnerabilities and unpreparedness.

As global interconnectivity advances in the Fourth Industrial Revolution (4IR), security threats are undermining trust. The World Economic Forum’s Global Risks Report 2021 notes that cyber risks continue to rank high on the world’s list of threats.

In 2020, businesses around the world saw a spike in cyberattacks as more people moved to virtual environments to remain connected.

So, how are cyberattacks becoming more sophisticated, and how are companies changing their cyber security strategies to stay ahead of the cybercriminals?

Understand ransomware and malware

The 2021 Microsoft Digital Defense Report (MDDR) covering more than 8,500 security experts and spanning 77 countries highlights “big game ransomware” which is human-operated and involves criminals searching for large targets for pay-outs through criminal syndicates and affiliates.

Once a network is compromised, the aim is to steal confidential information, documents, and policies before demanding a ransom for its return. Typically, payment is demanded through cryptocurrency wallets, which allow criminals to remain anonymous.

The MDDR recommends that companies prepare for the worst to ensure they make it harder for attackers to access systems in the first place and to make it easier for victims to recover.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

Steven Weisman, a lawyer and college professor at Bentley University, told Digital Guardian: “The best defense against ransomware is to back up all of your data each day. In fact, my rule is to have three back-up copies using two different formats with one off-site.”

Malware is an intrusive software that aims to take over a company’s server to damage or destroy computer systems. In an article for Forbes, Will Foret, President at IT support firm Spot Migration, said malware “can be a variety of malicious software. It is a catch-all term when talking about cyberthreats. It could be ransomware, spyware, worms or a virus”.

When navigating the tricky world of malware, Foret suggests: “Don’t hesitate to ask your IT department when you are unsure about something, and always go to a website by typing the URL in a new window before logging into anything.”

Stay alert for malicious emails

Phishing is the most common type of malicious email, and according to Microsoft’s observations of the emails that passed through its platform this year, the number of phishing emails being sent remains steady.

The MDDR states: “In 2020, the industry saw a surge of phishing campaigns that has remained steady throughout 2021. Internally at Microsoft, we saw an increase in an overall number of phishing emails, a downward trend in emails containing malware, and a rise in voice phishing (or vishing).”

A concept called ‘spear phishing’ has also developed more recently, which occurs when hackers target employees through emails that appear to be from other colleagues. This allows the attacker to easily steal personal information from victims.

Microsoft’s MDDR recommends that companies educate their employees about the context of the emails they receive to ensure they can spot any behavioural changes from their colleagues.

a chart showing thaticrosoft has seen a rise in phishing emails
Microsoft has seen a rise in phishing emails.
Image: Microsoft

A blog by security technology expert Kaspersky highlights "mindset" and user "behaviour" as two factors for strong cyber security and protection.

According to the blog about phishing emails and scams, it can be difficult to detect a phishing attack even for cautious users: “These attacks become more sophisticated over time, and hackers find ways to tailor their scams and give very convincing messages, which can easily trip people up.”

Kaspersky suggests a few basic measures that employees should take to protect themselves, including using common sense before handing over sensitive information, not opening attachments, keeping software up-to-date and not clicking on embedded links.

Close the cyber security skills gap

Companies struggling with cybersecurity breaches are also dealing with a skills gap. According to a report from the Information Systems Security Association (ISSA) and analyst Enterprise Strategy Group ESG, 95% of respondents believe the gap has not improved in recent years.

IT security specialist Edward Humphreys notes in an ISO interview that education is a company’s best weapon against cybercrime and that, without the right skills, companies are left open to threats.

“The worldwide shortage of skilled cyber personnel has a direct and significant impact on organizations and their ability to protect themselves,” he says.

More than half of enterprise executives plan to increase their cybersecurity budgets this year, according to a report from PwC. Furthermore, 51% said they would be adding more full-time cyber staff in 2021.

a chart showing that more executives are increasing cyber budgets than decreasing them in 2021
Security executives are increasing cybersecurity budgets.
Image: PwC

To address global cyber security challenges and improve digital trust, the World Economic Forum created the Centre for Cybersecurity. This independent global platform aims to foster international dialogues and collaboration across private and public sectors to reinforce the importance of cyber security.

The community has identified three key priorities as part of their work: building cyber resilience, strengthening global cooperation, and understanding future networks and technology.