Digital Without Cybersecurity Is a Train Wreck Waiting to Happen

Businesses are beginning to really embrace digital transformation, and the pace of change is accelerating. Executives are increasingly asking themselves how they can move even more quickly, since it’s much less painful to transform your businesses from within rather than having your transformation imposed from outside.

However, the decisiveness that executives have around the digital imperative is rarely accompanied by the enthusiasm (and investment) needed to make their systems secure. To help frame concerns for cybersecurity, I wanted to lay out some of the key trends defining the landscape.

As businesses become increasingly digital, more digital assets are at risk. This is almost a tautology—but not quite. To borrow an elegant turn of phrase from Harvard professor Larry Summers, “value used to reside heavily in how heavy a thing was and now it resides heavily in how knowledgeable it is.” Security for artificial intelligence and machine learning is a huge concern.  

As I mentioned in an earlier post, a robust information infrastructure is table stakes for companies looking to adopt artificial intelligence. But if that data’s integrity is compromised, the insights and processes generated by AI are not only meaningless, but potentially dangerous. Imagine a predictive maintenance algorithm pushing a turbine to work well beyond indicators of imminent component failure.

 AI is particularly vulnerable to poisoned data because of the “black box” problem: you cannot scrutinize the reasoning of a deep neural network to understand why it makes particular inferences. While researchers at places like Carnegie Mellon are pioneering techniques to bring transparency to how neural networks make decisions, these effort are still relatively nascent.

 As the value and vulnerability of digital assets has grown, attackers have become more aggressive. Nation states and criminals are increasingly active in cyberspace. Take ransomware, which denies access to data and holds it hostage in exchange for cryptocurrency. The FBI estimated that ransomware was responsible for $1 billion in damages in 2017. And cyberattacks are increasingly commoditized. Purchasing a ransomware exploit on the dark web costs $10 to $20. And the next incarnation could interfere with the integrity of algorithms or data in a more subtle, but much more harmful way.

 We’re facing a global deficit of cybersecurity talent to address the growing threat. It’s estimated that more than 1.5 million cybersecurity positions will go unfilled worldwide by 2020, and 46% of organizations already report a severe shortage in cybersecurity skills. Not only is there a deficit of operational cybersecurity expertise, but executive ranks also lack expertise in this area. According to publicly available LinkedIn data, less than 3% of senior executives in large U.S. businesses have cybersecurity backgrounds.

 If you are not convinced that cybersecurity is an integral part of digital transformation, here’s one final story. In 1953, Jaguar finished first and second at the Le Mans 24 Hour race and dominated racing for the next four years. How did their cars become so much faster than everybody else’s? Jaguar pioneered the use of disc brakes. They won not just by making their cars faster, but by making them brake faster (and safer). In the same way, good cybersecurity can help your company grow and innovate faster.

 If you’d like to learn more about how to embrace cyberresilience as part and parcel of your digital strategy, I recommend Advancing Cyber Resilience: Principles and Tools for Boards.