Post-digital world calls for collaborative security
As the post-digital era dawns, organizations will need to rethink cybersecurity as they confront threats that span entire ecosystems, Accenture's Michael Biltz contends.
By
Michael Biltz
Published: 07 Jun 2019
Just as people no longer say we live in the "age of electricity," the days of labelling things as "digital" are numbered. Very soon, advanced, data-driven digital technologies will be so ubiquitous that they'll no longer be a differentiator.
According to the Accenture Technology Vision 2019 report, we're entering a post-digital world which will require using powerful new technologies to innovate business models, personalize experiences for customers and customize products, services -- and even people's surroundings -- on demand. And creating networks of external partners will be critical for success.
Cyberthreats in the age of ecosystems
The opportunities for businesses in this post-digital world are huge, but so too are the risks -- particularly when it comes to cybersecurity. Already, the rise of ecosystem business models is amplifying the cyber-risk profile of the companies involved. In a world where businesses are connected and interdependent, an attack on one is an attack on all. A security breach can quickly escalate through the ecosystem to potentially affect an entire industry. Enterprises are no longer victims -- they're vectors.
Consider high-profile incidents such as the WannaCry and Mirai attacks: Both exploited interconnectivity to disrupt thousands of businesses and homes worldwide. Such attacks have the potential to affect consumers and businesses on an even larger scale. Researchers at Ben Gurion University, for example, recently demonstrated that attackers could drain a city's entire water tower without a direct attack on its critical infrastructure -- essentially undetected, for a time -- by exploiting vulnerable IoT irrigation systems and forcing them to overdraw from city reserves.
Collaborating to manage risk in the post-digital era
The news isn't all bad, however. While interconnectedness might increase exposure to cyberthreats, it also provides the mechanism by which security can be boosted. At present, risk management practices are mostly focused on a company's internal operations, while attackers are looking at the whole house of cards. But what would happen if this changed? Businesses are already collaborating to deliver transformational products, services and experiences -- so what's stopping them from collaborating to solve the cybersecurity conundrum?
At Accenture, we believe that post-digital organizations will need to include ecosystem dependencies as part of their own security posture, making security a cardinal component of how they build partnerships. This will require businesses to shift from a "my company first" mindset to look across the entire ecosystem to assess risk. The most resilient companies will be those that best understand, prioritize and remediate not only the threats they face, but also those challenging their ecosystem.
Enterprises are no longer victims -- they're vectors.
Michael BiltzManaging director, Accenture Technology Vision
This means organizations need to put themselves in the shoes of both attackers and partners to try and understand where the biggest threats are and what can be done to mitigate them. This holistic approach improves threat intelligence and understanding of risk exposure. It also enables companies to identify critical dependencies that demand immediate hardening or vulnerabilities that represent potential damage to a partner.
A new approach to governance
Recognizing potential risks across the ecosystem is just the start; just as critical is a strong foundation of good governance. After all, ecosystems are constantly in flux and companies can't know who they will be partnering with tomorrow -- or whose vulnerabilities will be putting them at risk.
Businesses will need to establish governance models and policies with the dynamism and fluidity of ecosystems in mind. One-off measures that are negotiated each time a new partner is introduced are inadequate; comprehensive models and policies must ensure that the partners and third parties joining the company's ecosystems adhere to the same standard of security -- or higher -- that the company sets for itself.
Standing together
As companies set out to create new standards and governance, they should look beyond even their ecosystems and collaborate at the industry level. Companies within a given industry generally face similar security challenges. This presents an opportunity to collaborate more widely to build solutions that make it safer for every company to conduct business. We are already seeing instances of such collaboration.
The Vendor Security Alliance is one such example, founded by major technology companies, including Uber, Square, Palantir and others, that all recognized they are drawing from the same well of vendors. The nonprofit organization assesses, qualifies and audits technology vendors based on a standardized set of security principles.
The post-digital world of interconnected business demands a collaborative approach to security. By widening their perspectives, organizations will understand the threat landscape in more detail and be able to mitigate these threats with greater success. This is a necessary underpinning to the business world that is emerging in the wake of the digital revolution and it's what will help organizations differentiate themselves as trustworthy defenders, becoming more attractive partners for other businesses, governments and consumers alike.
Michael Biltz is managing director, Accenture Technology Vision.
