Global Cybersecurity Forum in Riyadh hears calls for greater resources to police online world

Attendees at the event, being held in Riyadh, heard how damage caused by hackers was expected to amount to $10.5 trillion by 2025, and that firms were experiencing soaring operational costs because of increases in real-time losses owing to theft, network downtime, and rising insurance premiums.

Abdulrahman Al-Fageeh, acting chief executive officer of Saudi Basic Industries Corp., said warnings were getting louder as firms battled against an increasing number of attacks.

“At an organizational level, it affects revenue and costs. For example, revenue in organizations has been reduced by five to 10 percent due to cyberattacks.

“The downtime to resolve cyberattacks can take up to 45 days. In addition, costs are becoming unpredictable as insurance costs are increasing significantly,” he added.

Khaled Al-Dhaher, deputy governor for control and technology at the Saudi Central Bank, urged companies to invest in technology wisely.

He pointed out that investment in firewalls and security middleware, with the proper governance approach and capability, could go a long way in detecting and troubleshooting the growing menace.

“It will create the right impact for the cybersecurity strategy. There has to be a continuous investment in innovation to address these evolving landscapes, and it is critical to have some threat intelligence,” Al-Dhaher said.

And he noted that businesses could not fight in isolation.

“A collaboration between different entities is a must because this is a war against criminals trying to damage us,” he added.

The forum heard that one of the worst-affected industries in cyberspace was the financial sector, especially the crypto community, which had been at the receiving end of cybersecurity problems.

According to speakers at the event, there was an increasing need for innovation in the financial sector, which had recently introduced user-friendly measures such as open banking.

Al-Dhaher said: “There is no doubt that innovation is critical to enabling and continuing trust in this sector. Artificial intelligence can help predict, protect, and minimize the impact.”

Saudi Arabia had recognized the threat and was gearing up to combat cybercrime, according to Alex Liu, managing partner and chairman of global management consulting firm Kearney.

He said the Kingdom had made huge progress in its commitment to combating cyberattacks, with Saudi Arabia ranking second on the Global Cybersecurity Index among nations committed to cybersecurity.

“I’m inspired by the fact that in just two short years, the Kingdom has become No. 2, and I think that comes from urgency and proactivity,” he added.

Liu noted that cybersecurity was one of the top three risks facing countries and companies and the urgency to counter it needed to be increased.

During a separate panel session, Isa Ali Ibrahim, Nigeria’s minister of communications and digital economy, suggested that the world needed 3.4 million more cybersecurity professionals to combat the rise in online crime.

He said: “In July, a report suggested that we need 8.1 million cybersecurity professionals globally this year. Today, we have around 4.7 million professionals, and still, we have a vacancy of 3.4 million.” He added that malware was being released every 4.2 seconds.

“If you compute this 4.2 seconds for one week, you will discover that every week, 144,000 malware applications are being released. It is the responsibility of the government to set standards and guidelines to ensure that there is no compromise to cybersecurity.”

Citing a UN report, the minister noted that the world population would hit 8 billion by Nov. 15 and that the population boom was demanding a rise in funds for cybersecurity initiatives by governments.

He said: “According to Accenture, by 2023, the total amount that will be lost through cybercrime could be more than $5.3 trillion, and it is more than 35 percent of the entire gross domestic product of a country like China with a population of 1.44 billion. It is more than 173 percent of the entire gross domestic product of Africa with 53 countries.”

Ibrahim added that by 2025, the total amount lost to cybercrime would reach $10.5 trillion.

Highlighting the findings of an Accenture report, he said that a cyberattack took place somewhere in the world in every 39 seconds.

“These attacks may be either targeting individuals, sometimes private sectors, or public sectors. Because of this, governments are spending a huge percentage of their wealth on cybersecurity.

“In addition, what I think is critical here is the need to attain cybersecurity maturity, and most importantly to attain cybersecurity immunity.

“We must be in a situation, where people, even when they attack, what they are going to lose from the attack is even higher than the damage or costs to the institution which they attacked,” Ibrahim added.

Cybersecurity methods, he said, required a proactive approach as technology was advancing every day.

Craig Jones, the cybercrime director of global policing organization Interpol, said that law enforcement was not currently equipped to deal effectively with transnational crime such as cybercrime.

He pointed out that Interpol found it easier to deal with commodity-based crimes such as drugs and human trafficking, because it fitted into the police model of a particular jurisdiction, unlike cybercrime.

“The legislation is different country to country. We see the European Union, you have 27 member countries with joint laws, joint inputs, joint political initiatives, to deal with and combat cybercrime.

“But once you spread that out across the globe, there are different priorities. Some countries don’t even have the requisite laws. So, if it appears criminals are operating from one country, another country then tries to come in and identify these criminals and look to prosecute them and extradite them,” Jones added.

He also discussed the role of the police in combating cybercrime.

“The role of police is to protect communities; police are drawn from their communities. The policing model essentially was set up to deal with a local problem; a crime scene being local, the offender being local, and the victim being local.

“We could then develop legislation and laws, which could then be carried out by law enforcement in their country.”

In terms of law enforcement, he highlighted Interpol’s role in its 195 member countries.

Jones said: “What we’re seeking to do is to reduce the global impact of cybercrime and protect communities for a safer world and the model we’re following as a policing model.

“We’re looking from a global to local perspective. How can Interpol support and coordinate activities and operations, and we do it with people, process, and technology.”

Participating in the same panel, Marco Gercke, an international expert in the field of law related to cybercrime, said financial interest was often a driving factor, and criminals were taking advantage of increased digitalization.

“They’re realizing that they can make a lot of money by getting involved in this. The business models have changed. But it’s quite lucrative and it’s rather easy to set up. You don’t need to be an organized crime business that is in the market for a long period of time to get involved in cybercrime.

“And we have to be smart on the other side, through having the appropriate laws in place and having self-defense measures as companies, and as countries in place, changing our behavior, how we use devices, and how we protect ourselves, to respond to this increasing threat,” Gercke added.