
In our last post, “HP: The High Cost of Platform Security Breaches,” we dug into the findings from a recent report from HP Wolf Security which revealed the difficulties involved in securing end-user devices — and the hit organizations are taking when that fails.

In addition to devices, there’s a plethora of potential entry points for nefarious entities to infiltrate sprawling organizational systems. 

Just ask the U.S. Department of Treasury, which experienced a major security breach late last year, allegedly at the hands of “state-sponsored Chinese actors,” according to a recent article in Foreign Policy.

“According to a letter sent by the Treasury Department to U.S. lawmakers, the hackers infiltrated BeyondTrust, a third-party software service provider, and used a stolen key to remotely access certain workstations,” the article says. “The incident marks the latest breach of sensitive data in a year that has seen an uptick in high-profile cyberattacks on the United States.”

In an always-on, extensively connected global world, maintaining reliable supply chain cybersecurity is increasingly difficult. And according to a new report from the World Economic Forum (WEF), the growing complexities involved are making it even more challenging to achieve.   

Global Cybersecurity Outlook 2025

On January 13, WEF announced the release of its new report, Global Cybersecurity Outlook 2025. Written in collaboration with Accenture, WEF says the report “examines the cybersecurity trends that will affect economies and societies in the year to come.”

Key takeaways include: 

  • 54% of large organizations “identify supply chain interdependencies as the greatest barrier to achieving cyber resilience.”
  • Geopolitical turmoil has affected “the perception of risks, with one in three CEOs citing cyber espionage and loss of sensitive information/Intellectual Property theft as their top concern.”
  • Growing complexity further “exacerbates cyber inequity, deepening the divide between developed and emerging economies, expanding sectoral disparities, and widening the gap between large and small organizations.”

“Cyberspace is more complex and challenging than ever due to rapid technological advancements, growing cybercriminal sophistication and deeply interconnected supply chains. The Global Cybersecurity Outlook equips leaders with essential insights to navigate these challenges and strengthen cyber resilience,” says Jeremy Jurgens, Managing Director, World Economic Forum. “Collaboration between public and private sector stakeholders is paramount to secure the benefits of digitalization for all.”

WEF says the report identifies “key factors driving the accelerating complexity and unpredictability in the cyber landscape, along with insights into their cumulative impact on both organizational and national cybersecurity posture,” which include:

  • Supply chain risk interdependencies: “Increasing interdependency introduces vulnerabilities within interconnected supply chains, contributing to the growing complexity in cyberspace; 54% of large organizations consider supply chain challenges as the greatest barrier to achieving cyber resilience.”
  • Geopolitical tensions: “The prevailing turmoil has affected the perception of risks, with one in three CEOs citing cyber espionage and loss of sensitive information/ intellectual property theft as their top concern, while 45% of cyber leaders are concerned about disruption of operations and business processes.”
  • Security in the Intelligent Age: “There is a paradox between the recognition of AI-driven cybersecurity risks and the rapid implementation of AI without the necessary security safeguards to ensure cyber resilience. While 66% of organizations expect AI to have a major impact on cybersecurity in 2025, only 37% report having processes in place to assess the security of AI tools before deployment.”
  • Evolution of the threat landscape: “The unprecedented level of sophistication in cyber threats enabled by emerging technologies enhances malicious actors’ ability to operate scams and social engineering attacks, generate disinformation, and execute ransomware at a pace, scope and scale never seen before. Nearly 47% of organizations cite adversarial advancements powered by GenAI as their primary concern.”
  • Regulations: “While regulations bolster cyber resilience, 76% of CISOs at the 2024 Annual Meeting on Cybersecurity reported that fragmentation of regulations introduces significant compliance challenges.”
  • Workforce challenges: “Since 2024, the cyber skills gap has increased by 8%, with two in three organizations lacking essential talent and skills to meet their security requirements; only 14% of organizations are confident that they have the people and skills they need today.”

“Cybersecurity threats are more complex and unpredictable than ever and can directly impact an organization’s financial stability. The disruptive force of AI, coupled with supply chain vulnerabilities and geopolitical tensions, calls for a more proactive and collaborative approach to ensure a strong cyber resilient posture across all industries,” says Paolo Dal Cin, Global Lead, Accenture Security. “C-suite leaders must adopt a security-first mindset from the outset to confidently navigate these challenges with cybersecurity as an enabler that keeps our businesses and organizations resilient.”

“Closing the Software Understanding Gap”

On January 16, the Cybersecurity & Infrastructure Security Agency (CISA) announced that in partnership with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA), it had published Closing the Software Understanding Gap, a report that calls for “decisive and coordinated action by the U.S. government to obtain a deep, scalable understanding of software-controlled systems.”

“Specifically, the report calls for software-controlled systems that can be assessed to verify functionality, safety, and security across all conditions, which is currently not available,” CISA said. 

The agency explained that mission owners and operators lack “adequate capabilities for software understanding because technology manufacturers build software that greatly outstrips the ability to understand it,” and that this dynamic leads to “exploited software vulnerabilities because technology manufacturers create software that is not secure by design.”

“Recent discoveries of adversarial state-sponsored activity in US critical infrastructure – primarily in Communications, Energy, Transportation Systems, and Water and Wastewater Systems – pose imminent threats to US national security. The software understanding gap exacerbates the risk to this threat activity,” said CISA Technical Director Chris Butera. “Mission owners and operators have an enormous and accelerating dependence on the software underwriting U.S. critical infrastructure. With our partners, we urge the USG to close this gap before other nations and urge software manufacturers to align to Secure by Design principles.” 

The report includes various recommendations to help “change the security posture of legacy and future software.” 

“We have the tools today to greatly reduce the number of software vulnerabilities that plague our software infrastructure,” said DARPA’s Information Innovation Office Director, Kathleen Fisher. “Rapid action to implement these tools in legacy and future systems can dramatically reduce the United States’ cyber vulnerabilities ahead of future global conflicts.”

For more information, please access the full report.