Rewind to 2008 when the world experienced a major financial crisis. Why did it happen? Well, it’s largely due to the fact that the financial sector came up with processes and products, which were constructed and interdependent. Consequently, people no longer understood the intricate risks attached to the products. Once people realized this and understood that some products actually had no intrinsic value, the entire system collapsed.
I see a parallel in the current digital world. If we as security professionals are unable to understand the true cyber risk attached to individual business processes and start stacking and integrating them into a chain of different processes owned by different people and companies, how do we understand the actual risk aggregation? If we don’t, will we still be in control or will we suffer the same fate we did in 2008?
When someone buys or sells something, they expect certainty and security when it comes to the transaction. In other words, the buyer or seller wants peace of mind and the process to be done in good faith. Doing this transaction in the physical world allows for more security, since the exchange is done face-to-face. However, since everything nowadays seems to be migrating to the digital world where transactions are often ‘invisible’, we need to look at security in a different light.
We Often Overlook the Darker Side of Exciting Possibilities
We tend to get very excited about the possibilities in the digital world – and they are indeed very exciting! – yet often overlook the darker side of it. For instance, the lack of safety in that realm is a major issue. We’ve all heard stories of credit card fraud, privacy violations and know people are reluctant to share their personal details (contact information, date of birth and residential address, for example) when they purchase a product or service online. People have become suspicious, and rightfully so.
The answer is transparency. Companies need to be completely open about their processes and transactions. A business that isn’t transparent in this day and age will soon be out of business. Through transparency, companies need to create that much-needed sense of security as we had – or at least thought we did – in the physical world. In short, it’s all about digital trust.
"The answer in this day and age is transparency. A business that isn’t transparent will soon be out of business."
While it is, for now, unrealistic and unfeasible to think that we can create a digital space that can be 100% trusted, we should strive to build a digital world that is as safe as it possibly can be. Furthermore, we should work tirelessly looking for new solutions to continuously improve and guarantee this trust.
Bad Guys Work Better Together Than Us, the So-Called Good Guys
One of the biggest challenges we’re facing is the fact that the bad guys work better together than us, the so-called good guys. Hackers and criminals seem to have bigger, collaborative networks and are capable of acting faster than we, the good guys, can react.
This is where ethics enter the discussion. The ethics statement applies to government bodies that often have more information than they are willing to disclose. Companies are legally obligated to ask themselves if they can or cannot share the information and data they have gathered, whereas criminals clearly are out there to share and disseminate the information as they please. Even more than merely bound by laws and regulations, organizations should define their internal ethics. ‘Was the information given to you by your client for a particular reason? Are you allowed to use the information?’ With the data companies collect these days, they are able to identify numerous things, such as voting behavior, sexual orientation and likeliness to get sick – just to name a few.
"Criminals apparently work better together than corporates."
What the digital world needs is an ethical framework: this is what we do and this is what we don’t do with the information we’ve gathered. Transparency is the way forward on both a corporate and governmental level. People are, for obvious reasons, drawn to companies that are explicitly ethical. For instance, look at social awareness - organic companies that aren’t afraid to take a firm ethical stance even if it means sacrificing additional profits. In 2001, Google made a bold statement and shut down its Chinese search engine in reaction to the Chinese censorship laws and Chinese officials finding information about numerous dissidents. It’s a pity that Google re-activated its services shortly after, but they nevertheless tried to take an ethical stance. On the other side of the spectrum, there’s Facebook, a company that makes no secret of blatantly selling a wide range of information to several third party organizations.
A Lot Happens Behind Clients’ Backs
A few years back, a Dutch bank stated that they ‘were considering selling information about their clients to third parties’, immediately followed by a massive backlash. Personally, I thought it was commendable that they were open about their intentions, but the manner in which they handled it was really ill-conceived. Numerous other companies do exactly the same, but aren’t open about it. A lot happens behind clients’ backs.
Today’s businesses need to realize a few things. One of them is the simple fact that security is no longer an IT problem only, for which they need to turn to that pale-looking man in the basement for a solution. In today’s world, digital trust needs to become embedded in companies. As a result, security becomes a Board topic and requires an intense look at where and how to embed the Chief (Information) Security role in the organization to drive cyber resilience and digital trust throughout the company.
"(Cyber) Security is no longer an IT topic. The digital age demands (Cyber) Security and Digital Trust to be a Board level topic."
Companies need to look at their business ethics, think about consequences and position and communicate their brand value accordingly. ‘We consider sharing your information with party X, enabling us to provide you with better service.’ Next to transparency, offering clients the choice to say no is just as vital. ‘If you wish for us not to share your details with third parties, tick this box.’
Opening New R&D Lab in Israel
Accenture strives to advise companies on solutions that are tailor-made for the industry they operate in. In order to achieve this, we thoroughly investigate new technologies, collaborations and markets in order to really establish changes in the world of digital trust. That’s why we recently opened a new Cybersecurity R&D Lab in Israel in order to advance security innovations. This newest Accenture lab will focus on broad research in advanced threat intelligence, active defense and Industrial Internet of Things security by applying the latest developments in artificial intelligence, blockchain and advanced analytics.
"If there is one thing that the dynamic, rapidly changing digital world has revealed, it is that companies – even competitors – need to work together."
Through this new lab and the existing collaborations, we will close the gap and hopefully one day surpass the people who threaten cyber security and digital trust. If there is one thing that the dynamic, rapidly changing digital world has revealed, it is that companies – even competitors – need to work together. Exciting times lie ahead, but, for now, the focus should be on building and ensuring trust in the digital world.
Is Digital Trust a Board level topic in your organization yet? And in what ways are you collaborating with others to face the people who threaten cyber security? Get involved by leaving a comment. If you would like to know how we can help you, please get in touch. Would you like to discover your career opportunities? Contact our recruiter.
Also have a look at the other articles published in the series on Accenture's Technology Vision 2016.
Read about the People-First approach in Digital transformation: People are the irreplaceable changemakers .
In this dynamic environment in which products have become a commodity, the question is which business models are still effective for banks and insurance companies. Berend de Jong sheds light on predictable disruption in Predictable Disruption: How Can Financial Organizations Stay Ahead of the Game?
In The Core of a Liquid Workforce: The Right Team at the Right Moment Geert Batterink and Martijn Smit explain what it means to have a Liquid Workforce and what it could mean for your organization.
How can organizations survive in this Winner-takes-it-all World? Geert Batterink sheds light on how companies unleash and utilize technology to ensure they are not left in the dust in the era of the platform economy.
- And in There it is: the true essence of Intelligent Automation Martijn Smit discusses intelligent automation and the workforce of the future.