The growing interconnectedness of technological systems and other critical infrastructure poses a major cyber security challenge, said a panel of experts at the World Economic Forum (WEF) in Davos on Monday (May 23).
As cyber threats increase in volume, scope and sophistication, governments and businesses need to cooperate more closely despite competing interests, the panel added.
The panellists consisted of Singapore's Minister for Communications and Information Josephine Teo; Dr Jurgen Stock, secretary-general of the International Criminal Police Organisation (Interpol); Mr Chander Prakash Gurnani, managing director and chief executive of information technology services firm Tech Mahindra; and Mr Robert M. Lee, chief executive and co-founder of the cyber security firm Dragos.
One major area many companies overlook is the need to secure the technology used to run crucial operations like power generation and manufacturing, noted Mr Lee.
While business leaders are more aware of cyber security now, most companies "spend more time on the website than they do on the gas turbine system" when talking about cyber security, he said.
"The stuff that actually generates revenue and the things that actually have national security, safety and environmental impact are on the operations side. It's all the control systems that were never really connected before," Mr Lee said.
He added that governments need to be aware of areas where threats to such systems carry a national security risk and be prepared to support and fund programmes to plug the gaps.
Mrs Teo agreed, saying cyber risks are increasingly connected with many other areas such as geopolitical and economic risks.
She said the growing exploitation of supply chain weaknesses and third-party software vulnerabilities is rapidly increasing the number of potential targets for criminals and creating an extremely lucrative "self-funding" underground criminal ecosystem.
But even as businesses face challenges in digitalisation, leaders cannot afford to de-prioritise cyber security as this will cause long-term consequences, she said.
Governments can play an active role in setting high security standards for critical infrastructure like power generation facilities, even if it is operated by a private entity, said the minister.
"There are also other ways in which we can help. For example, understanding where the risks are; I think this is where governments can play an active part."
Mr Gurnani said reliance on technology is high in many critical sectors like power, utilities, telecommunications, healthcare, education and government services.
It is no longer enough for essential service providers to secure their own systems as threats can easily come from outside. As an example, Mr Gurnani cited a case of a bank whose systems were affected after a person working at a law firm engaged by the bank clicked on a phishing e-mail.
Dr Stock said cyber criminals are organising in increasingly sophisticated ways, connecting anonymously over the Internet and offering their skills for a specific attack before going their separate ways. Yet, law enforcement agencies still tend to work within their own jurisdictions.
"It's a global problem, and it requires a global solution... You cannot deal with it just on a national level or on a regional level," he added.