August 27, 2020
August 27, 2020
In recent months, the COVID-19 crisis has caused a significant uptick in cyber risk. A combination of increased security demands, due to a shift in business’ operating models, and new vulnerabilities from threat actors keen to take advantage of remote workers has shined a light on the need to innovate fast to outrun the risks.
Emerging technology adoption is often seen as the answer to innovate at speed and scale. Yet, Accenture research has shown that more than three-quarters of executives believe that the stakes for innovation have never been higher—and getting it right will require new ways of innovating. Demonstrating how is an elite subgroup of global enterprises. These alpha innovators are making big plays with artificial intelligence (AI), fifth-generation wireless technology (5G), quantum computing, and extended reality (XR). They are investing heavily in three or more of these emerging technologies at the same time to achieve business growth. In other words, alpha innovators are doing innovation right—and with implicit security.
So far so good, but our analysis shows that even though most C-suite executives are assessing the security risk of new technologies, they underestimate the challenges they pose. The board needs to help ensure that the introduction of these technologies into the business environment includes an understanding of the risk and the actions taken to mitigate the risk—in particular, cybersecurity risk. An important first step is to ensure that the business is collaborating with the security team from day one, and throughout the adoption journey. Coming to terms with the acceptable amount of risk is a delicate balancing act. But once organizations find that balance, they will be better prepared to maintain their leadership in the marketplace thanks to top-line revenues, cost savings, market capture, and new services.
In a sea of change, directors need to ask themselves whether risk is being taken seriously enough. They must carefully weigh the risks against the rewards to ensure that good decisions are being made that benefit stakeholders by asking questions such as the following:
Our analysis shows that emerging technologies can pose major new security challenges. For instance, 5G features such as virtualization, hyper-accurate location tracking, and increased volume and speed of the network are an escalating risk for businesses and their boards. With even more devices connected in real time, successful attacks could mean that threats move faster through an organization, highlighting the need to raise the bar on fast identification to stop the spread.
There is also risk from maturing quantum computing abilities, which could be a security game-changer by invalidating encryption and some of the security basics in use today. Becoming quantum-proof won’t be quick, so organizations need to closely monitor quantum developments to allow enough time to prepare their organizations to take advantage of the technology and address any new security risks it brings.
For XR, which is a cloud-supported infrastructure, many of the security issues will be familiar to companies already managing security for their cloud environments. Organizations will need to assess XR service providers’ security capabilities and privacy controls. And they should prepare to build a layer of supplemental protection inside the organization to secure XR applications and associated data.
An organization must continually assess its risk profile by identifying and monitoring the risk posture of its critical assets—which could be the most important business unit for revenue generation, a critical manufacturing facility, key business processes, intellectual property, or highly sensitive data.
At the same time, investing in innovative uses of emerging technologies is more critical today than ever before—in fact, the existence of an organization may depend on it. Being able to aggressively adopt new technology in a secure way with a full understanding of associated risks is key for successful business outcomes. The security team should be fully engaged, and excel at security basics—including establishing a strong security culture, asset management, patching, timely vulnerability remediation, rapid threat detection and response, and installing tested crisis management plans.
Here are some of the ways boards can help organizations better manage cybersecurity risks associated with emerging technologies:
1. Understand that the introduction of new technologies presents an entirely new attack surface that organizations must be ready to defend. With 5G for example, is the organization prepared to handle security issues carried over from previous generations of telecommunications protocols and standards not resolved in 5G?
2. Encourage the C-suite to research the right types of technologies for the organization. Does the organization’s third-party quantum provider have the right security controls to protect your organization’s quantum environment, confidentiality, integrity, and availability?
3. Become compliant. As organizations embrace these new technologies, are they prepared for regulatory requirements now in place? If not, what do they need to do to prepare?
4. Consider the right skills. Does the organization have skill sets readily available to manage and secure these emerging technologies? If not, how should management approach acquiring the right skills?
There are enormous opportunities availed through emerging technologies to positively impact business growth, maintain a leadership position in the marketplace, and achieve competitive advantage. It is vital that directors ensure that the cybersecurity risks associated with these technologies are given the necessary attention.
Bob Kress is a managing director at Accenture Security where he is the co-chief operating officer and the global lead for quality and risk.
NACD: Tools and resources to help guide you in unpredictable times.