Cyber-attacks are a reality for most Swiss companies and an awareness of cyber risks has grown. But cyber security falls short when facing the new perils arising in connection with the Internet of Things and Artificial Intelligence.
As society rapidly changes under the impact of evolving technology, so does the nature of cyber security. For the third consecutive year, our study Clarity on Cyber Security – Ahead of the next curve provides some insight into how Swiss organizations deal with new challenges. In a world characterized by high-speed interconnection, attackers are using more sophisticated strategies. Correspondingly, 88 percent of the companies surveyed fell victim to a cyber-attack in the last 12 months; with 56 percent suffering disruption of business processes and 36 percent incurring financial loss as a consequence of an attack. Clearly, companies are having trouble preparing for a future of ubiquitous computing, the maturing Internet of Things and Artificial Intelligence.
Wrestling with the Internet of Things
One finding that’s cause for concern is that most companies struggle with understanding how the Internet of Things affects business processes and how potential misuse or breaches may affect customer- and stakeholder trust. Over half of the respondents don’t have an overview of all the Internet of Things devices they deploy: 35 percent haven’t tried to get an overview and another 17 percent have tried but failed. Given these figures, it’s not surprising that half of the respondents admit that their cyber security strategy and corresponding policies currently do not address the topic of Internet of Things or Operational Technology Assets.
The sheer volume and complexity of the Internet of Things make it hard to get a proper overview and to manage risks. Nonetheless, this shouldn’t be an excuse. Organizations must make sense of the Internet of Things – a complex world of interconnected, web-enabled stuff ranging from personal gadgets and household appliances to medical devices and critical infrastructures. Cyber security strategies must anticipate threats arising from the ongoing integration of the physical world and cyberspace.
New risks through artificial intelligence
Another subject is the evolving impact of Artificial Intelligence (AI) and/or machine learning. As we’re becoming more dependent on algorithms that support humans in critical decision making, it’s now quintessential to protect these systems from being compromised. However, most respondents consider this a topic for the future. Merely 26 percent agree that there are new security challenges now. When asked about the next 2-3 years, this figure remains low at 43 percent.
The reality is that innovation emerges at a dazzling speed and even those organizations at the very early stages of (thinking about) deploying such new technology must be vigilant. Security in the domain of AI and digital labor may quickly become the new elephant in the room. At the very least, companies should conduct an impact analysis to understand the related cyber risks.
The “human factor” in cyber security
Finally, we shouldn’t forget the human factor in all of this. Data breaches are often traced to social engineering and human error. Yet it’s not just a question of careless users, rather much more a design flaw in cyber defense, with user friendliness all too often taking a secondary role in cyber security. Success depends on offering users a seamless experience instead of irritating time-consuming processes. However, we don’t tend to make cyber security measures user-friendly as the technology perspective currently dominates tool design and authentication methods.
The survey findings show that improvement is needed. More than half of the respondents acknowledge that they don’t assess the user-friendliness of cyber security measures when implementing new tools or concepts. Just 11 percent say that they involve a user-experience (UX) specialist to contribute to a user-friendly design.
Instead of having a predominantly technological approach towards implementing security measures, we must start thinking about security and user-centered design as two halves of a unified whole. The stakes are high, as human involvement is often the weakest link. Not only now, but also in the future.
Full survey: Clarity on Cyber Security – Ahead of the next curve