Next week, I will have the privilege of participating in the annual meeting of the World Economic Forum (WEF) in Davos, Switzerland, organized this year around the theme of “Responsive and Responsible Leadership.” As WEF notes, 2016 demonstrated that existing systems and institutions at national, regional, and global levels have strained to keep pace with an increasingly complex and interconnected world. Yet, the growth of this complexity and interconnectedness shows no sign of slowing, as the Fourth Industrial Revolution (last year’s theme) drives “the convergence of technologies that blur the lines between physical, digital, and biological systems.”
As I noted last year in the run-up to Davos, the future prosperity promised by the Fourth Industrial Revolution relies upon the trust that we all place in technology to function properly – and securely. Our embrace of connected devices, smart homes, self-driving cars, and other innovations underpins the digital economy, but it also leaves us vulnerable to new forms of attack. Cybersecurity, therefore, is an absolute necessity for future economic prosperity. For this reason, I can think of few topics that more urgently require responsible leadership than cybersecurity – and not just cooperation but also collaboration among public and private sector interests.
Responsible leadership in the digital age requires questioning established practices and leading the implementation of changes when warranted. To this end, I will encourage my fellow attendees to adapt to the emerging threat environment by choosing a prevention-based approach that proactively identifies and manages cybersecurity risks to their organizations. For many, this involves scrutinizing legacy approaches to cybersecurity that have failed to keep pace with the Fourth Industrial Revolution, and ensuring that operational teams apply the proper combinations of people, process and technology to prevent successful attacks.
The decreasing cost of computing power makes it easier and cheaper than ever for cyber criminals to launch attacks in greater volume and with greater sophistication. Attackers enjoy decreasing start-up and marginal costs, using automated, specialized, and scalable tools to achieve their objectives. Legacy defenses are inadequate to deal sufficiently with this rise in volume and sophistication, dependent as they are on decades-old core technology, patchwork systems and manual intervention by security teams. To effectively address this risk, responsible leaders must instead focus their organizations’ cybersecurity efforts on automated prevention of attacks, decreasing the likelihood of, and raising the cost required for, a successful attack. By focusing on prevention, we make attacks cost-prohibitive for attackers, diminish their success, and securely enable the technologies underlying our digital age.
The Fourth Industrial Revolution holds great promise, but it will also challenge us in unprecedented ways. Few challenges, in my view, are as serious as that of cybersecurity, which is why it is the perfect topic for responsible leadership. I look forward to bringing this message to Davos, and hope we can all work toward a fresh approach to cybersecurity focused on the prevention of successful cyberattacks.
[Palo Alto Networks Research Center]