If you want to seize the opportunities of the digital economy, you must also address the threats that come with it. More than ever, cyber resilience should be your organisation’s top priority. And that means creating a strong foundation for digital identity management.
We are on the brink of a politically, economically and socially fractured world. That’s why the World Economic Forum’s Annual Meeting 2018 theme, ‘Creating a Shared Future in a Fractured World’, aimed at developing a shared narrative to improve the state of the world. Being a WEF Strategic Partner for 19 years, Accenture brings leadership for digital transformation at the intersection of AI and Future Workforce, redefining strategy, sustainability and technology.
Digital identities are a cornerstone of our shared digital future. We need to coordinate challenges such as interoperability and address flaws and vulnerabilities in existing systems. It is essential to debate on who should create, control and benefit from people’s identity information. How can we pursue the opportunities that come with digital identities and ensure protection of rights in a sustainable and responsible manner?
The digital world is booming. In every industry and market, businesses are rushing to establish new value propositions and claim new opportunities. And in doing so, they are building a future where interactions will increasingly take place on the sprawling digital superhighways of the 21st century.
These interactions – between humans, companies, devices and data – already determine your ability to identify, claim and add value. Their importance will only continue to grow. But who is connecting with whom? How will you know which people, which systems and processes are interfacing with what data and whether they are authorised to do so? How can you tell whether the sensors you rely on are uncompromised? That the information they transmit hasn’t been rerouted or manipulated to further outside interests?
Without a solid digital identity foundation, you won’t be able to answer these questions. And in this day and age, that constitutes an existential threat to your business – one that can hamper your ability to add value and damage the trust relationships you’ve built with your customers and suppliers.
It’s a beautiful Saturday and you’re strolling down the street in Amsterdam, enjoying the sun and the bustle of the city. Suddenly, your phone chimes. It’s a personalised offer from one of your favourite retailers. They know you’re in the neighbourhood and they know what you like, because you trust their brand enough to share that information with them.
It looks like a fabulous deal, so you make a short detour. At the very least, you’ll get a free cup of coffee out of it. But what you don’t realise is that it’s all a lie. Hackers have set up a dragnet, targeting specific phones with vulnerabilities they can exploit. When you arrive at the store and discover that you’ve wasted your time, you leave disappointed and confused. One of your trusted brands has let you down.
In this example, the endgame is disillusionment – a targeted erosion of the faith a consumer places in a company, perhaps at the behest of a competitor. But the objective could easily have been something more sinister, like identity theft or credit card fraud. Mind you, these are not far-fetched scenarios. The technology required to do this already exists and is being used in the wild today.
Whether it’s people masquerading as other people, devices impersonating other devices or data posing as other data, the benefits of our connected world come pre-loaded with myriad opportunities for financial fraud, as well as other threats. Dealing with them requires a new outlook on cyber resilience, one that embeds security in every facet of your digital transformation.
If you were the bad guy, what would you do to disrupt your organisation’s essential processes? How would you undermine the trust between your company and its clients? Which weak spots would you exploit and how would you confuse your security department?
More often than not, questions like these are only considered during the final stages of a company’s digital transformation journey. Unfortunately, this means that essential aspects of cybersecurity go overlooked throughout the formative phases of the process, making it supremely difficult to even be aware of gaps in your defences – let alone close them adequately.
Carrying out penetration tests at the tail-end of your digital transformation will tell you whether your infrastructure has obvious vulnerabilities, but it won’t tell you how attackers might leverage your processes, supply chain, employees and integrated technologies to achieve their goals. And since you owe it to your clients to provide security across your entire value chain, especially in these days of digital trust, you need to invest time and effort into anticipating security threats and addressing them before they arise.
That means embedding security in every relevant area of your digital transformation. Give your security department a seat at the table. Make them an integral part of the journey. They have just as much to add as Finance and HR, if not more. By involving them at the earliest possible stage, you’ll be able to seamlessly weave the security narrative into the transformation itself.
The digital world has reached a new stage in its evolution and cybersecurity must evolve with it. The game is not just about people anymore – it’s about devices and processes as well. Tomorrow’s users won’t make all their decisions themselves. Instead, they’ll increasingly delegate those interactions to smart machines, authorising the pet AIs that live in their pockets to interact with your company and do the heavy lifting for them.
At the same time, your business will process the information it receives in radically different ways as well. As you transition to machine learning and real-time decision-making in order to delight your customers with increased speed and efficiency, you will no longer be able to rely on the human instincts of your employees to help spot the data that doesn’t pass the sniff test.
This makes your digital identity layer one of the most important tools in your cyber resilience toolbox and the foundation on which tomorrow’s world will be built. As a business, you need to know beyond a shadow of a doubt which users, systems, processes and devices are real. Which data is genuine and which is suspect. And you need reliable infrastructure in place to verify these identities, authorise real connections and automatically reject everything that falls outside predetermined safety parameters.
Integrating digital identity solutions, security operations and business risk management into your digital transformation are a step in the right direction. The ability to verify who’s who and what’s what, spot anomalies and understand the cybersecurity risks inherent in new business propositions will certainly improve your security posture and help your transformation run more smoothly. But that’s only half the battle. To win the other half, you need to understand exactly what you’re up against and respond accordingly.
Hackers are highly motivated to develop new threats and they have ample opportunity to do so. Where you see strengths, they see potential weaknesses. What seems ironclad today might well be tomorrow’s new security exploit. It’s a constant arms race and the only way to win it is by embedding innovation in your digital transformation. Only by out-thinking and outsmarting the adversary will you ever be able to have peace of mind.
Collaboration is an extremely valuable tool in cybersecurity as well. After all, the bad guys are already using it to great effect. No matter the size of your business, your ability to invest in security will always be smaller than that of your entire industry. Banding together with other players in your sector to tackle new cybersecurity threats will allow you to focus more time, energy and insight on the problems at hand. The rewards can be substantial – from hiring outside security services cheaply through collective bargaining power, to building a new digital identity platform that will serve your entire ecosystem.
If you make digital identity a priority and commit your organisation to developing new security strategies, the possibilities are truly endless. Sure, the journey might take you off the beaten path but when it comes to the digital revolution, we’re already in uncharted waters anyway – so you might as well make sure you can explore them safely.
Click below to share this article