• Akhilesh Tuteja, Leadership |

Cyber security is coming of age, and it’s a good thing. Slowly but surely, it’s becoming part of the conscience of our digital economy. Enterprises, regulators, and the general public are beginning to recognize cyber security’s critical role in our technology ecosystem and in securing our future against an ever-changing and emerging threat landscape.

If I were a pessimist, I would only focus on the many headlines grabbing incidents of cyber-attacks in 2019 and 2020. True, these are a cause for concern, but despite these incidents, I think there is reason for hope and optimism, with new co-operations emerging between government, industry and technology partners to help safeguard the critical data and knowledge amassed in the world’s vast digital ecosystem in new and innovative ways.

Knowledge is power—data creates value

It’s only been a few years since ‘big data’ was first widely discussed, and yet private and public sector organizations around the world are already deriving astounding new value from it. The collection and exploitation of data have allowed them to tailor new products and services and operate more efficiently. Facilitating this new model has driven industries to open up their business operations, innovation approaches and supply chains, building an extended ecosystem of novel partners.

This integration of partners through rich and intimate interfaces creates incredible opportunities, but if done carelessly, it can bring significant risks. We’re seeing an increase in cyberattacks by organized crime groups, who aim to steal customer data or disrupt business through vulnerable points in their supply chains. Reputational impacts of such attacks have long term effects, and public concern over personal data protection has prompted many regulators to pursue a stringent privacy agenda. At the same time, group litigation around breaches is growing in scale and complexity.

Responding to digital risks with ingenuity

Many businesses are being forced to be increasingly creative in managing this new challenge, employing strategies to protect enterprises and their stakeholders through sophisticated, data-centric security models. The fortress mindset of security barriers and firewalls no longer fits the business. I believe we need new security approaches that can offer sophisticated controls over third-party access to sensitive data, allow effective collaborative working in the cloud, and track the use (and misuse) of that data. Of course, these models also need to respect the privacy concerns of the original provider of that data, which means metadata matters in a way it never has before.

More than that, I think we need new approaches for identification and authentication for those third parties, reflecting the complex web of trust, which now exists in our digital economy. Suddenly, old fashioned passwords based authentication models seem crude and open to exploitation—those credentials are difficult to manage and open to compromise. New models are needed for authentication of both B2B and B2C interactions. Managing this shift co-operatively over the next few years will be vital to underpinning digital trust.

As cloud service providers roll-out multi-tenanted cloud platforms, we will have the basis of a much more flexible collaborative environment. Partners can collaborate with greater confidence knowing their data will be protected and their privacy and commercial intellectual property respected. The technology is maturing, and the opportunities are there – if we embed security from the start.

Traditional approaches to third-party assurance are hard to apply in this new digital economy. Tick box compliance approaches no longer scale, at the very time that regulators are driving the need for greater surety in the security of the supply chains of regulated industries. Perhaps there is a growing role for continuous security monitoring of firms and provision of real-time confidence to their partners, clients and customers.

But more than that, there is a need for new partnerships to defend this digital economy against increasingly ruthless, rational and entrepreneurial cyber criminals. While information sharing has become common in certain sectors such as finance and critical infrastructure, cross-sector sharing is rarer. But there are opportunities when finance and telecommunications firms come together with government to better understand and block the actions of organized crime.

Some countries have adopted the idea of ‘active defense’, working to quickly disrupt the infrastructure used by criminals to attack government systems handling tax and welfare payments and protect the citizens who interact with those systems. There is much that can be done to extend these models to provide real-time protection and defense of our digital economy, the critical infrastructure that underpins it, and the firms that provide that.

Building digital trust

We need to work together as a community to protect our digital economy and build digital trust. That requires governments to collaborate to create enabling legal frameworks and the right incentives for such collaboration. At the same time, industry needs to recognize that cyber security is not a contentious issue; it’s about understanding that being a good neighbor helps secure the whole neighborhood.

Today many organizations continue to apply dated security practices that fit business models of 2010, not of 2020. Businesses are changing, and security must transform, as well. If done well, security creates digital trust and enables progress. Poorly done, it is a blocker that stands in the way of economic growth and commercial advantage.

I remain an optimist—I chose to believe that with right mindset and effective approaches, we can build a secure digital economy for the future.