What I Heard at Davos: The Actionable vs. The Alarmist

Every year at their annual Summit in Davos, the World Economic Forum brings together the top leaders across government, business, and academia to share their views on addressing critical problems facing our planet. This year I was lucky enough to join the conversation, on “Mastering the Fourth Industrial Revolution.” I previously wrote about the importance of maintaining trust in the digital systems that are driving this revolution and it’s hard to imagine that we as a society can optimize the value and productivity of this Fourth Industrial Revolution without substantially overcoming the very real security issues that could undermine the trust required to operate our increasingly digital society. After returning from Davos, I am even more convinced of the timeliness of this conversation.

The conversations I heard and participated in at Davos largely mirrored the discussions we are having in the security industry today, which I would parse into two sections: the actionable and the alarmist.

The actionable conversation. In keeping with the goals of the conference to develop global solutions to global problems, there were plenty of discussions and debates on the importance of the trust required in the digital age and the path forward to maintain and regain that trust.  I believe that all attempts to bring people together to chart the path to the future in this regard is helpful.

One of the efforts we started last year at Palo Alto Networks, was to work with the New York Stock Exchange to bring together over 30 senior business leaders, academics, and technical experts to collect best practices and practical advice for corporate directors and officer’s struggling with cyber risks. Many topics raised in this book were echoed in Davos including realizing that cyber is not solely a technical issue.

Rather it is part of an economic fabric that is inherent in all things in the digital age. Because of this criticality it not only requires public private partnerships, but also the development of international norms and behaviors including the protection of privacy and the personal responsibility for cyber hygiene. In this regard, the forums and discussions at Davos continued to help us move the conversation forward.

The alarmist conversation. However, in a number of specific sessions with industry experts across many verticals, the discussion continues to stagnate on the problem, focusing on who can come up with the most frightful scenario.  While its critical to understand these nightmare scenarios, continued focus on those alone are a disservice to our future. It’s the security industry’s responsibility to pivot the dialogue towards finding solutions as opposed to continually rehashing how bad things can get. One example of how we can evolve this conversation is through the Cyber Threat Alliance. Palo Alto Networks and other members of the security industry are sharing information on cyber threat campaigns in order to increase the protection of all our customers. This cooperation has already led to several operational successes, including our recent research on the Scarlet Mimic campaign. This type of cooperative solution needs to be the focus of our conversation in cyber today because the stakes are too high for us to get this wrong.

Cyber risks will always be with us, but we must find ways to make these risks quantifiable, manageable, and insurable. The necessary steps ahead of us will take a lot of work in order to pivot the conversation from the problem to prevention. It will require international norms of personal, corporate, and national behavior, better sharing of best practices and cyber threat information, and continued investments in the development of innovative technology. But these are achievable steps, and by working out solutions together we can secure the future, rather than remain paralyzed be fear of the present.