The Growing Risk of Cyber Inequity: A CISO’s Perspective

By Harold Rivas · March 26, 2024

As a CISO, you’re always mindful of risks to your organization. But increasingly those risks extend beyond the borders of your own organization and security controls. In an interconnected world, your security may be only as good as your weakest link. Those weak links may be suppliers, people who touch components of your products, or even the cybersecurity of a tiny player in your industry or ecosystem.

This topic came to the fore recently at the 2024 World Economic Forum (WEF) conference, where the WEF released a report warning about global disparities in cybersecurity. I had the opportunity to go to Davos, Switzerland, for the WEF meeting in mid-January, and participated in multiple conversations around cybersecurity. Here are some key takeaways from a CISO’s perspective.

Your risks today are more complex in today’s interconnected world

Most organizations today are not self-contained monoliths. In reality, they are collections of organizations. Multiple potential weaknesses in your supply chain could significantly disrupt your organization.

An example that comes to mind is when a ransomware incident at the Port of Nagoya, Japan, took the port’s processing computers offline. Ships may still come in from all over the world, but you can't unload the cargo if you don’t know what the ship is and what it’s carrying. In such an incident, an attacker takes one computer system offline at one port, affecting the entire global supply chain.

What’s more, there’s a potential for a snowball effect. Suppose one of those ships carried the boxes that grocery stores put strawberries in. Now, the strawberry supplier cannot package their product for distribution to grocery stores. Those strawberries are rotting because they can’t be sold without the right container. The smallest player can get hit, but the effects can be far-reaching.

Cyber inequity is a growing global issue

This issue is reflected in global cyber inequity, which was a major theme at Davos. We have massive multinational corporations that have the resources to invest in cybersecurity, but their suppliers may not. Advanced nations and global corporations have the means to protect themselves, but less developed ones can’t invest, so they are inherently less secure.

According to WEF research for its Global Cybersecurity Outlook 2024 report, 41% of the surveyed organizations that suffered a material incident in the past 12 months reported that it was caused by a third party. The Secretary-General of INTERPOL, Jürgen Stock, was quoted as saying, “No country or organization is spared from cybercrime, yet many are direly underequipped to effectively face the threats, and we cannot have effective global response mechanisms without closing the capacity gap.”

Collaboration is needed to foster a more secure world

Cyber inequity is obviously a complex issue, but it’s worth asking how we can stop this cycle. I don’t want to believe it’s inevitable that more advanced economies and organizations will be able to put in the effort and resources to improve cybersecurity while the less advanced are doomed to fall further behind.

While a global response is needed, I think there are steps all of us in the CISO community can take to foster a more secure world. I’ve mentioned in one of my previous blogs that one of the best practices you can take to protect your organization against ransomware is to share information and best practices with your fellow CISOs and cybersecurity leaders. The work Trellix is doing to democratize the adoption of XDR also helps bring advanced capability to organizations large and small via a cost-effective model for better security visibility, control, and response.

And I’ve written before about the Trellix CISO Council, which we formed last year to foster this kind of community and information sharing. For everyone in cybersecurity, it’s worth considering how you can help others in your ecosystem to be more secure.

Learn more about Trellix’s participation in the 2024 World Economic Forum and read our latest Mind of the CISO report: Behind the Breach.