The world we live in has evolved over the last few years, largely due to the rapid advancement of technology in every field, particularly the ecosystem termed Industry 4.0, which is driven by cyber-physical systems. Business models are being transformed, with traditional business models giving way to new ways of working in the digital world. This change brings with it many challenges in cybersecurity and data privacy that technology leadership teams, especially CIOs, inevitably need to address.
Cybersecurity has become critical for governments, industries, and enterprises, as can be inferred from a 2021 IBM study finding that cybercrime is costing organizations to the extent of US$ 4.24 million, and it is estimated that cybercrime will cost $10.5 trillion by 2025. In today’s digital economy, an increasing amount of consumer and citizen data is collected from the large number of online transactions carried out by companies, individuals, and government departments.
There are two perspectives on data privacy: one is protecting the privacy of personal data collected from individual and organizational customers, and the other is safeguarding the privacy of the organization’s own data. When it comes to the privacy of customer data, many countries have laws and regulations that govern privacy policies. Many organizations handle data worth millions in today’s digital environment, and its privacy is imperative from both the regulatory and the customer-experience perspectives.
Data privacy plays a critical role in establishing trust between individuals and organizations. When companies demonstrate their commitment to protecting privacy by prioritizing it, they build a reputation for reliability and integrity. Conversely, failing to safeguard critical business data from unauthorized access could put your organization, your business partners, and even your clients or customers at risk of fraud, identity theft, or simple public embarrassment.
This is a critical issue because, despite tremendous efforts to tighten and streamline digital systems over the last few years, cybersecurity risks remain pervasive. Reports indicate that 4,100 publicly disclosed data breaches, exposing 22 billion records, occurred in 2022 alone. All this happened even though organizations around the globe spent $150 billion on streamlining cybersecurity in 2021.
Digital technology is changing with the emergence of artificial intelligence, machine learning, and data analytics in general, which are transforming the way organizations use software applications and tools. The accelerating use of these technologies is, in fact, making software attacks more complex and the software more vulnerable. Below we discuss three approaches that can help companies adapt to and manage the security challenges of the digital world:
The first is based on the premise that the complexity of modern software systems and the technologies behind them makes failure a feature, not a bug. Therefore, new cybersecurity programs are not designed with the avoidance of failures as their primary objective. For instance, AI technology is inherently probabilistic and is expected to be incorrect at times. Similarly, most contemporary software systems, though not probabilistic, are vulnerable to failure because of the complexity of their design.
This requires cybersecurity programs to shift their focus from methods of preventing security incidents to proactively identifying and managing failures whenever they occur. A zero-trust architecture, which even the U.S. government is adopting across its departments and agencies, assumes that all digital systems are likely to be compromised one way or another.
The second approach holds that the failure of software systems and data is not just about security risks but involves a number of other potential harms, ranging from performance issues to privacy breaches and more. The threat to the integrity of software systems does not come only from an adversary’s attack; data changes, interdependencies, and use in AI systems can also cause failures.
Today, cybersecurity programs focus on comprehensive risk management, which includes assessing how threats can occur and managing those risks, regardless of whether an adversary causes the compromise. Cybersecurity and privacy management teams comprise not just security experts but also lawyers, privacy experts, data scientists, and others, who play vital roles in safeguarding software and data from evolving cybersecurity threats and in protecting data privacy.
Last but not least, monitoring for breaches must be among the top-priority approaches for every organization where cybersecurity is involved. However, the reality is different, as statistics show that companies took an average of 9 months to identify and prevent a breach. Most organizations are still learning about the new threats and susceptibilities in their systems, making it clear that most organizations are not focusing enough on recognizing when and how their systems are threatened.
Organizations need to ensure that they have a plan in place to monitor, and metrics to track, potential failures of their software systems. For example, the National Institute of Standards and Technology (NIST) recently published its AI Risk Management Framework (AI RMF), recommending that organizations map the potential harms an AI system is likely to generate and implement a plan to measure and respond to each threat. This approach can be applied to software applications and databases to prepare for potential failures.
That said, CIOs and digital technology leadership must evaluate the level of potential failures and their impacts before deciding whether to build in-house cybersecurity and data privacy tools or use third-party tools and services to monitor and protect their software systems and databases from failures and threats.
With the rapid advancement of technologies and their adoption in organizations, and with more online transactions and engagement, cybersecurity and data privacy risks are also increasing. It becomes a challenge for CIOs to keep up with the growing range of security and privacy risks arising from software systems powered by emerging technologies. Not only small and medium enterprises but also large businesses will be pressed for the resources required to ensure that data integrity is not an afterthought. As the use of new technologies like AI, ML, DA, etc. grows, organizations will need to invest more resources in managing the new and evolving cybersecurity and data privacy threats.