Why now is the time to re-evaluate your digital strategy
October is Cybersecurity Awareness Month, a time for companies to celebrate their technological achievements, examine the wider cyber environment, and reset their digital strategies, if required.
Disruptive technologies like artificial intelligence and quantum computing are solving complex and pressing business challenges, but they are also creating acute new risks.
Having a robust digital and risk management strategy, which considers both opportunities and risks, will help propel businesses to the heights they are more than capable of reaching.
For most companies, 2023 is an inflection point in their digital journeys.
On one hand, the rush to digitalise prompted by COVID-19 lockdowns has plateaued, with many businesses now boasting an operating environment in which use of technology is omnipresent. Staff across all generations are now familiar with many of the new tools that proliferated during the pandemic, such as video conferencing and other collaboration software. Businesses once reluctant to forego paperwork are finally comfortable with digital documentation. These are noteworthy achievements.
On the other hand, once unimaginable technologies are advancing and scaling rapidly: artificial intelligence (AI) for example, has become mainstream, where even the smallest of businesses are now leveraging its capabilities. Whether ride-hailing to a client meeting with Grab or Uber, sending autocompleted emails to staff in Microsoft Office, or browsing what’s trending on LinkedIn; a wide range of apps that we use daily leverage AI to make our lives more organised, and easier to manage.
Digitalisation is an acute topic this time of year. Every October is Cybersecurity Awareness Month (CAM), and 2023 celebrates its 20th anniversary. It is therefore a fitting time for businesses to celebrate what they’ve so far achieved, examine the wider cyber environment, and establish what more they need to thrive digitally, both today and in future.
False sense of security
Despite these wonderful advancements, the trajectory of cybersecurity has not kept up. This isn’t due to a lack of technological development or the industry’s inability to prevent cyber threats; moreover, most risks stem from either a lack of investment, or from misplaced human behaviour and assumptions.
All too often we believe our computers, laptops, and smartphones are safe and out of harm’s way, when in fact it’s through these very devices that we are most vulnerable to cyber-attacks — an enormous false sense of security, mind the pun. Studies repeatedly find that company executives are cognisant of their cyber risk exposure, with it being one of a handful of risks that keeps them up at night. However, this anxiety doesn’t always equate to cybersecurity becoming a strategic imperative. Research by the Cyber Security Agency of Singapore (CSA) finds that most C-suite executives view cybersecurity as an overhead, and not an essential function.
Data highlights the downside of such views. In Singapore for example, around 8,500 phishing attempts were reported in 2022 — double that of 2021. And in Hong Kong, the number of phishing attacks in Q4 2022 alone totalled 13,574, a 90% increase, quarter on quarter.
This year has already experienced a number of high-profile data breaches across Asia. In Japan, a large multinational automotive manufacturer said it had exposed data on over two million car owners over a 10-year period. In Indonesia, information on over 34 million Indonesian passport holders stored by an Indonesian government agency was breached by a hacker. And in South Korea, staff at a global appliance and consumer electronics corporation broke confidentiality protocols by sharing sensitive company data with an AI-powered chatbot ChatGPT.
While the motivations of perpetrators are extremely varied, the goals of such attacks typically boil down to a mere handful: either to damage or destroy physical or digital infrastructure; steal information for extortion and financial theft; or simply to ruin the reputations of organisations, which in turn typically leads to huge financial losses.
Artificial intelligence
Cyberattacks and related incidents like data breaches aren’t the only digital risks threatening businesses. The proliferation of AI presents new challenges to companies. Most AI solutions, whether customised or off-the-shelf, lack transparency in how decisions are made, and many exert unintentional biases and discrimination, due to biased training data or algorithmic design.
AI technologies like machine learning are reliant upon collecting and analysing humongous amounts of data, raising issues relating to data privacy and security, as well as ethical considerations on how this data was acquired. There is also the threat of misinformation and manipulation: large language models like ChatGPT are only as powerful as the information that they collect. And with major publishers increasingly blocking these technologies, they will turn to sources of information that are less credible and accurate. News websites that have blocked the GPTBot crawler include The Guardian, CNN, Reuters, the Washington Post, Bloomberg, and the New York Times, among others.
Regulation governing use of AI is highly fragmented. Currently, the 10-member Association of Southeast Nations (ASEAN) is in the process of creating governance and ethics guidelines for its usage, but to date no laws have been passed among member states. Conversely, China, Japan and South Korea have already rolled out laws governing the technology’s usage. And elsewhere, Europe and America are about to follow suit.
The European Union’s proposed Artificial Intelligence Act is noteworthy, as it will include a risk framework, defining use-cases that present unacceptable risk, high risk, limited risk, or little or no risk. That it sets out to identify different classes of risk underscores the multitude of threats AI poses to society and the economy; and critically the protection we will need should it falter, or worse fall into the hands of perpetrators.
Quantum computing
Although in the nascent stages of development, much is said of the capabilities of quantum computing. By being able to analyse ultra-large datasets in nanoseconds, the technology is expected to make an array of scientific breakthroughs in areas like healthcare, logistics, manufacturing, and agriculture, to name a few.
Such ability also creates new risks, most of which could be far more damaging than AI. With unprecedented computing power, modern encryption methods will be deemed useless for instance: quantum computers are able to crack current cryptographic keys quickly and with ease. And blockchain technology, known for its advanced security features, could also be hacked, threatening the entire trillion-dollar blockchain and crypto economy.
Criminals are already preparing for the day when quantum computing becomes mainstream: a Deloitte study finds that over half of IT professionals believe they are at risk from “harvest now, decrypt later” attacks, where information is collected today, and decrypted once quantum computing is widely available. For most companies, the technology is presently cost prohibitive.
That said, investment in the technology is surging: a market worth US$412 million in 2020 will soon be worth US$8.6 billion in 2027. And while for many businesses, the idea of leveraging quantum computing appears futuristic and far-fetched, its application in every-day tasks is probably closer than we think.
A promising digital future awaits
The aforementioned advancements should concern business executives. However, there are several measures they can take to protect themselves against the many risks associated with them — while simultaneously reaping the vast rewards they promise.
First is to conduct a full audit of current technologies and staff that interact with these. By doing so, businesses can identify both shortfalls and new opportunities. They must also continuously monitor the performance of such technologies to ensure they remain fit-for-purpose. Second, they should implement a robust cybersecurity programme that is able to deal with both current and emerging threats — and make sure that all staff are familiar with the programme’s features, and the many different cyberthreats that exist today. A further measure is to build a network of close advisers and partners. These will include technology vendors who are among the best placed to advise on the appropriate cybersecurity measures needed, and how best to act when an issue arises.
There is also a role for insurance providers within this network. Each company’s cybersecurity needs are unique and will require coverage that not only protects businesses from the financial fall-out of cyber risks when they happen; such policies should also give firms the peace of mind to focus on growth and other positive matters uninterrupted. Cyber insurance typically covers the costs associated with notifying data subjects and relevant authorities; recovering systems and data; regulatory penalties and associated legal costs; and lost revenues because of a breach or attack, plus much, much more.
The future is incredibly promising for Asian companies for a whole host of reasons. Having a robust digital strategy, which considers both opportunities and risks, will help propel your business to the heights it is more than capable of reaching. Now is the perfect time to re-evaluate your digital strategy.
An abbreviated version of this article was first published on the ASME Newsroom (asme.org.sg).