IoT Could Expand Cyberattack Surface by Bringing Offline Legacy Infrastructure Online. Digital transformation is the latest jargon in the industry and there is probably no process across the globe that is not integrating new age technologies in their way of functioning.
Nevertheless, while technologies like artificial intelligence (AI), Internet of Things (IoT), machine learning (ML) and big data analytics are doing a world of good, cybersecurity is a major concern when talking of these technologies as well. In an exclusive interview with DataQuest, Mr Ashish Sharma, Partner, Deloitte India, shares his views on the impact the above mentioned technologies have had on cybersecurity, some of the initiatives taken by the government, and the challenges faced by the cybersecurity industry in the current scenario.
Impact of New Age Technologies on Cybersecurity Scenario
New age technologies viz. Artificial Intelligence (AI), Blockchain, Internet of Things (IOT), 3D printing, Robotics, etc. have the potential of revolutionising the industries. While the results of these technologies are path-breaking, the cybersecurity vulnerabilities are also on the rise. One may owe this to the inadequate research for securing emerging technologies, absence of industry guidelines/frameworks, unclear responses from regulators on the adoption of technology or security guidelines, increase in attack surface or inability of the legacy infrastructure to secure new age technology riding on it, etc.
For example, adopting IoT introduces a vast number of devices to an organisation’s network. The chances of exposure increases since IoT massively expands the attack surface by bringing the previously offline legacy infrastructure to the internet. Similarly, AI technologies are helping to solve today’s toughest business problems. However, the risk of an algorithm changing its course due to unauthorized interventions has been concerning to the industry.
Preparedness of Current Indian IT Industry in Handling Technological Advancements like Blockchain, IoT, and Artificial Intelligence in terms of Cybersecurity
Focus on Cybersecurity has been critical for both the Government and the Industry. Regular global cyber hacks have ensured that Cybersecurity is a topic in the Senior Government circles and amongst the Board of Directors in various companies.
The adoption of the latest technological advancements such as AI, IoT etc. is not only driven by organizations in India but are also being the focus areas of the Indian government. For instance, the Government of India has proposed a multi-dimensional approach in its draft IoT policy to develop the IoT market in India by 2020. Similarly, recognising AI’s potential to transform economies and the need for India to strategize its approach, Hon’ble Finance Minister, in his budget speech for 2018 – 2019, mandated NITI Aayog to establish the National Program on AI with a view to guiding the research and development in new and emerging technologies. The discussion paper on National Strategy for Artificial Intelligence (June 2018) suggests establishing data protection frameworks and sectorial regulatory frameworks, and promotion of adoption of international security standards.
Importance of Data Breach Prevention
Data breach prevention should be planned in two ways; by design and by operation. Organisations should develop a mind-set that has privacy at the forefront of the design, built and deployment of new technologies. Organizations have traditionally focused their investments on becoming secure. However, this approach is no longer adequate in the face of the rapidly changing threat landscape. Put simply, organizations should consider building cyber risk management programmes to achieve three essential capabilities namely: the ability to be secure, vigilant and resilient.
A good understanding of known threats and controls, industry standards and regulations can guide organizations to secure their systems and data through the design and implementation of preventative, risk intelligent controls. Based on leading practices, organizations can build a ‘defence-in-depth’ approach to address known and emerging threats. This involves a number of mutually reinforcing security layers both to provide redundancy and potentially slow down the progression of attacks in progress, if not prevent them.
The Reskilling Challenge Faced by Cybersecurity Industry
Skilled workforce plays a vital role in cybersecurity as they impact an organization’s ability to protect its data, systems and operations. Getting a trained/experienced cybersecurity workforce remains a significant challenge for organizations. According to the 2017 Global Information Security Workforce, there is expected to be a shortage of 1.8 million workers in cybersecurity by 2022. With the rapid adoption of new technologies by organizations, the requirements for security experts in these fields have also risen. Whether it’s in the domain of cyber-security for AI, Blockchain or IoT, innovative employees who know how to protect digital information and can translate that knowledge into solving real-world security problems are in demand by both the private and public organizations. And that demand will continue to increase. Conventional education and policies may not adequately meet such demands.
Upskilling and reskilling should be a constant effort in modern information security programs within every organization. Organizations should allocate sufficient budget specifically for training and certifications of their information security workforce and annual training calendars should be drafted for the wider organization.