5 key cybersecurity takeaways from Davos 2022
May 26, 2022
Table of contents
Change is possible. Those were among the first words splashed on the screen during the welcoming remarks session at the World Economic Forum's (WEF) annual meeting of 2022 at Davos. And the need for change is relevant like never before. The organizers invited around 2,000 people from all around the world to meet, discuss, and cooperate on finding solutions to the most pressing political, economic, ecological, and social problems, like the war in Ukraine, long-tail effects of the Covid-19 pandemic, climate change, and others.
Tom Okman, Co-founder of Nord Security
But, as Klaus Schwab, the founder, and chairman of the WEF, noted in his speech, those problems are complex and intertwined with other societal dimensions. So, to tackle them comprehensively, more than 400 panel sessions took place at Davos: from addressing the mistrust stemming from younger generations to global cybersecurity issues.
Being a co-founder of Nord Security, a family of market-leading digital security and privacy solutions for individuals and businesses, I naturally sought out panels and global experts to discuss cybersec matters. After attending many inspiring panels and speaking with old and new contacts, here are the five insights for cybersecurity I’m taking away from this year's Davos:
#1 The global bar of cybersecurity awareness needs to be raised
Human error remains the biggest threat in cybersecurity ecosystems. While your cyber threat intelligence team may monitor more than 100 ways to access your company's network, malicious actors only need one way to succeed. And it will most probably be in the form of a phishing attack. In the age where almost all of us are dependent on various forms of technology, we need to be sure that an average user can identify a suspicious digital activity on their own.
So all cybersecurity industry stakeholders are responsible for translating cybersec concepts and situations into understandable and familiar things for an everyday user. That is by no means an easy task, but it offers a terrific payoff because you are always only as secure as your weakest link.
#2 The perception gap of cyber resilience between leaders and in-house specialists
Suppose you ask an average C-level executive to rate their company's cyber resilience. There is a high chance that their estimate will be much higher than the in-house specialists. This situation illustrates the real gap between higher-ups and the people with a hands-on approach.
There could be numerous explanations for why this gap emerged in the first place. One of them tells us that C-level management operates on a threat landscape based only on known unknowns, while in-house specialists also realize that there are many unknown elements in the world of cyber threats. It could also be a case that your industry succeeded in avoiding major cyberattacks. In the experience of Davos attendees, boards and shareholders start taking an active interest in cybersecurity only if a cyberattack happens in their own market.
At the end of the day, the more your leadership team understands and anticipates a potential attack, the safer your business is. It's also worth noting that your top cybersecurity people should be included in other business areas to have a bigger picture. It helps with their engagement and provides a better context of potential attack vectors.
#3 Instead of trying to cover everything, focus on what you can improve right now
This year's Davos Annual Meeting mentioned an interesting thought: some companies are being attacked right now, and some do not even know they are being attacked. So naturally, the human reaction would be to go into a panic mode and try to cover every imaginable exploit or cyber threat in your infrastructure.
However, that may be noble actions doomed to fail. Matthew Prince, a co-founder, and the chief executive officer of Cloudflare, pointed out a simple but impactful principle of building the cyber resilience of your business. It would help if you started with a list of things you could do today, this week, this month, this quarter, or this year to make yourself and your company more secure. That way, you avoid being overwhelmed and continue making decisions that bring safety to your business.
#4 Cybersecurity companies need trust, which requires a moral license
In a comprehensive interview during a Davos one-on-one panel, Microsoft’s CEO Satya Nadella gave a few interesting examples about global companies that could be easily applied to cybersecurity companies. For example, when asked about developing the trust of Microsoft users in a corporate setting, he gave an example of trust coming from the core business mission. According to him, if you are a global brand, you will need to prove yourself and your mission in each country or region you’re planning to operate. It could be understood as earning a license to operate. If you create tangible value and benefits for local stakeholders, they will give you that license and put their trust in your brand.
#5 Cybersecurity and reskilling
The job market in the cybersecurity industry is experiencing a critical shortage of talent. Yet we are seeing reports of job displacement and rising inequality at the same time. As a result, half of the global labor force that demands new jobs with better opportunities will need reskilling.
It might sound like a problem often left for the world's governments to solve. However, time is not an ally in this case, and the cybersecurity industry could benefit from showing initiative and being proactive. Any reskilling, upskilling, and education transformation will bring a satisfied and renewed workforce by co-creating and scaling initiatives that enhance people's prospects.