- Businesses must balance the value of 4IR technologies against the fact that they can make companies more vulnerable to cyber threats.
- By implementing a security by design approach to cybersecurity, risk management precautions are baked into the start of any 4IR initiative.
- Becoming data stewards by investing in data management and governance will help build trust with customers by safeguarding their personal information.
Companies are racing to adopt Fourth Industrial Revolution (4IR) technologies such as artificial intelligence (AI), the Internet of Things (IoT), and blockchain. Six in 10 companies globally said they plan to make significant investments in both AI and the IoT, according to PwC’s 2018 Digital IQ survey.
Expectations are high for these transformative technologies. When used to full potential, they promise to upend many established practices. Consider an appliance manufacturer. Embedding connected sensors into products will enable it to collect data on how those products are used, how often they’re used, and when maintenance and repairs are needed. In addition, the company might also be able to handle maintenance and repairs remotely, or develop new aftermarket services.
The potential of these 4IR technologies is vast, but so are the cybersecurity threats and reputational damage that can accompany them. The interconnectivity that comes with IoT opens up new vulnerabilities. For example, an IoT device that’s within a corporate network but doesn’t have appropriate security may provide an entry point to infect corporate databases, potentially exposing a huge volume of private customer or employee data over a short period of time. Another risk comes from poorly developed AI algorithms, which can lead to automated, unchecked business decisions that harm some customers, possibly resulting in lost business and damage to the brand.
So, while businesses are embracing 4IR, they should be preparing to combat 4IR-driven cyber threats, which can infiltrate a firm’s networks at an unprecedented scale and speed.
Partner your innovators
with your cyber pros
To improve their cybersecurity efforts, organisations should start by integrating security early in their innovation cycle. We call this ‘security by design.’ But according to our latest Digital Trust Insights report, just over half of companies bake proactive risk management measures into their digital transformation projects “fully from the start.” While financial services led the surveyed sectors with 66 percent, consumer markets had the lowest score: 49 percent.
Security by design is critical when organisations deploy advancing technologies that create new ways for cyber criminals to attack. Consider the IoT, which can encompass thousands or even millions of sensors and edge devices, any one of which could potentially be used to infiltrate a corporate network.
The rising number of cyber attacks gives businesses an opportunity to learn from the 4IR security experiences of other companies in their own and other industries. They can find out how hackers breached other firms and assess whether that type of attack could impact their company’s tech architecture. Businesses can also look for parallels between their and other organisations’ operations and then seek to emulate what is working well in comparable firms.
Another source of relevant insights into cyber threats is MITRE ATT&CK, which stores a knowledge base of adversary tactics and techniques based on real-world observations. Businesses can also use commercial threat intelligence services and get involved in organisations such as ISACs (Information Sharing and Analysis Centers including FS-ISAC, RH-ISAC, and H-ISAC), as well as the Information Security Oversight Office (ISOO) and, if based in the US, the National Institute of Standards and Technology (NIST).
Be your customers’
One of the primary goals of organisations that deploy 4IR tech is to improve their customer experience. Ten years ago, providing good service meant personally managing customer information. Today, it means becoming a data steward: a reliable liaison between a customer’s private information and the technology that houses it. This kind of ‘digital contract’ between businesses and individuals is now commonplace, expected, and often demanded by customers.
Yet, despite the obvious importance of securing customer data, only about half of businesses worth US$10 million or more are making large investments in data governance, creating transparency in their data use and storage, and increasing the control individuals have over their personal data. There’s clearly a significant need to improve data governance — and the impetus to do so is equally crucial.
After all, businesses that underinvest in data management could lose customers to competitors that offer more secure data systems or more efficient services. That’s why it’s essential for firms to teach employees how to safeguard data and work in collaboration with 4IR technologies, including controversial ones like AI.
Where to start pairing
4IR with cybersecurity
To realise the full potential of 4IR, anticipate the security challenges right from the start by taking these steps:
- Empower the team behind 4IR projects to build scalable successes by including cybersecurity professionals from day one.
- Establish appropriate governance, which should encompass the IoT’s devices and applications, the data managed, and all the technologies that are integrated with the IoT, including the essential eight technologies.
- Be transparent to customers about the level of security and privacy your company provides, and assert that your firm will take responsibility for any errors.
- Make use of technologies, including robotic process automation (RPA) and machine learning (ML), to help protect data, and, in some cases, to predict cyber attacks.
- Practice responsible AI and understand how your algorithms make decisions, and work diligently to ensure that those decisions are ethical and as free of bias as possible.
- Network with peers to expand your knowledge and develop expertise in security challenges that are specific to your industry.
It’s clear that companies cannot be ‘4IReady’ without effective security controls. So think of cybersecurity as your strongest 4IR ally.