Digital threats are expected to increase in sophistication, as digitisation spreads wider across today’s business environment. With this comes the need for heightened awareness of the risks that this poses, and, in tandem, the tightening of cybersecurity. Analysts have already seen the intensifying of cybersecurity threats in the immediate post-pandemic period, and have warned that policies, procedures, strategies and tools need to be developed to ensure that the emerging risks in all areas of business can be appropriately addressed. Regardless of how or where they apply their technological capabilities, businesses which ignore cybersecurity today, do so at their peril.
The threats that have developed with the adoption of digitisation have become all-pervasive; no industry has been spared. Risk professionals are increasingly seeing risks presented by digitisation added to their to-do lists, although at first glance, cybersecurity could be considered more of an IT risk, than anything else. But what are the trends that make cybersecurity an area of growing concern, and how should risk professionals identify, manage and monitor related developments? Research indicates that the push to go online and maintain competitiveness through digitisation may be among the major reasons for heightened cybersecurity measures and education.
While cybersecurity has always been a matter of concern in the business sphere, the risks related to it have grown by leaps and bounds in the past ten years, even more so in the pandemic years, as more businesses moved online. The rush to establish an online presence meant that shortcuts may have been taken, leading to loopholes and back doors becoming available, and putting systems at risk. More people being online simultaneously also meant that there were more points at which systems could be breached. This was of particular concern as employees were forced to work from home (WFH) during the pandemic.
IT managers are still having a tough time ensuring that systems which need to be accessed remotely are secure. In tandem with WFH comes the added challenge of the use of unsecured personal equipment for remote work activities. These items – personal laptops, tablets or android phones, for instance – may not have the same level of cybersecurity as equipment available in offices. As if unsecured equipment for remote work was not risky enough, the problem is often compounded by the ever-increasing number of mobile applications – apps – that users are constantly being exhorted to download, often to expedite online transactions such as banking, shopping or bill-paying.
The risk here lies in exposing information that could be confidential, which could be exploited by others. But there are other issues as well, such as the rapid development of technology in the area of artificial intelligence (AI). AI is a double-edged sword. While it can analyse vast amounts of data better than humans can, leading to better predictions, and take the tedium out of repetitive tasks, it comes with new – and different – risks. Many of these are inherent in the system; these vulnerabilities often go undetected but may be exploited by hackers or other malicious parties, even with firewalls or other cybersecurity measures in place.
Identity theft is becoming more widespread, bolstered by the deepfake phenomenon generated by AI, causing irreparable harm to identity theft and deepfake victims. The risk to companies here stems from the dissemination of sensitive or confidential data without permission or proper vetting, and the fallout that the company will have to deal with, resulting from such breaches. Generative AI – or ‘Gen AI’ – is shaping up as an area of emerging risk as well. With human prompting, Gen AI can create original content like text, graphics, audio and video. While this certainly makes content generation expedient, other risks could emerge.
One of these is the difficulty of discerning how authentic the information is. Even with cybersecurity, the repercussions of something like ‘data poisoning’ will not be easy to address. The most complex cybersecurity risk may not be technology-based at all. Analysts point to the fact that while technology grows exponentially, there is a talent gap in the cybersecurity industry. A lack of skilled professionals is preventing businesses from identifying and obtaining appropriate levels of cybersecurity. What approach should businesses take to address this deficit, and manage growing cybersecurity risks?
An integrated, multi-faceted approach is necessary. Users must be made aware of the existing and emerging threats through education and training. This should be ongoing because new risks abound. Users should develop a mindset that cyberattacks are imminent; they need to be vigilant, and familiar with signs of hacking or systems breaches. They should be made aware of the dangers of sharing passwords, and encouraged to report any anomalies regardless of severity. They should also be aware that their personal electronic devices such as tablets and android phones may not be as secure as they think.
It is likely that these personal devices contain sensitive information – particularly if these are used as back-ups for work equipment when working remotely. Their connectivity puts them at risk as well. Analysts point to the fact that the Internet of Things (IoT) now has the ability to interconnect formerly ‘dumb’ devices with ‘smart’ ones. Thus, one interconnected device, once infected, may compromise the cybersecurity of whole networks. They can protect themselves by ensuring they have security patches on their devices, use extra authentication like biometric identification, and by not sharing too much personal information on social media.
Whether at home or in the work place, people are sharing more information than ever before. Cyber threats are growing, and cybersecurity needs to keep up. Analysts predict that cybercrime could do trillions of dollars’ worth of damage – to assets and in terms of disruptions to the supply chain – if concerted steps are not taken to curb it. Threat actors – hackers – are becoming more sophisticated, and, in some cases, may even be state-sponsored to create as much damage to national assets as possible. Cybercrime, cyberattacks, and the threats these pose, are becoming of increasing concern to organisations, regulators and governments worldwide.
New laws and regulations are being formulated and put in place, but for most businesses, the immediate concern is what they can do to enhance their existing cybersecurity measures and protect themselves. But knowing what to anticipate means understanding the current environment, and their respective positions. Managing cybersecurity demands due diligence and increasing users’ awareness of the risks that challenge them. Organisations can start with practical steps like protecting their data, devices, and systems, while constantly encouraging the development of a risk culture among employees that will drive resilience over the long term.
