Will Industry 4.0 leave you out in the Cyber cold?

Blog: Karthi Pillay

7.11.2018

Finland experienced a wonderful summer, one of the hottest on record. Like most people, I bought some excellent summer clothes hoping the heatwave would never end; I even purchased a great pair of swim shorts.

It may be an odd way to open an article, but I find my shopping habits and the cyber security world to be quite similar. You see, as much as I would like to continue wearing my summer wardrobe, the temperature in Finland is changing quickly. Businesses are similar: their cyber structure is stuck in a relaxing summer mode despite winter’s approach. In other words, most organisations have a cyber strategy, operating model, and governance suited for the past, and they have not adapted for the avalanche of new world threats.

The reason for this is history. Cyber risks were viewed purely as an IT phenomenon, so an IT expert was placed in charge and his position was dictated by IT’s needs. Now we realise cybersecurity means much more. Cyber relates to the entire business, and it needs to occupy a correspondingly important position in the organisation.

Cyber security is a serious business. Creating a Cyber Intelligent Organisation requires a shake-up in thinking; ‘business as usual’ will no longer suffice.

Evolving companies to meet evolving risks

Companies do not need another risk to manage and an increased workload, yet the simple fact is cyber risk is only going to become more prevalent. Digitalisation is enveloping all aspects of our business. This opens up more possibilities for cyber criminals: lone wolves, loose confederations, or even state-sponsored actors.

We also need to remember attacks on networks, ecosystems, and suppliers are risks. To best manage Cyber Security risks, organisations must aim to create a ‘security by design’ culture, a culture where Cyber Security is proactively involved in typically non-traditional business aspects. This can range from choosing the robot supplier for your factory to software partner selection, and even your local contractor in a foreign country.

We have a new normal, but the role of cybersecurity in most organisations has not evolved. It plays the same part in an organisation it did a decade ago; we need to remind ourselves summer is over.

Cybersecurity is not just IT’s issue

While businesses are trying to adapt to the digital evolution, this adaptation is not proportionally linked to the pace of the cyber evolution. Industry 4.0 is strongly fuelled by the IoT, or connectivity in general. Cyber Security now includes Product Security (PS) (smart/connected products), Operational Technology/Plant Assets (OT) and, of course, traditional IT.

This shift changes the cyber strategy, operating model and governance structure of old. Most organisations today still have a traditional outlook on cyber and where it sits within the corporate structure. For example, the CISO reports to the CSO, who reports to the CIO, who in turn reports to the CEO. While this is not true for all organisations, we generally find the voice of the CISO too ‘low down’ and sometimes key messages get lost.

The new realm of cybersecurity is not just about IT, so the head of cybersecurity can no longer just be an IT specialist. Words like ‘strategist’ and ‘advisor’ become important; business acumen is key. Based on our Deloitte Cyber Executive Labs, most Cyber Leaders find themselves spending close to 65% of their time on operational and technology implementation tasks, yet they want to spend more time as a strategist and advisor.

This can only happen and be meaningful if the Cyber Leader has a holistic view of the organisation, understands how the business works, and understands how cybersecurity will enable the business to achieve its goals. They will need to speak the business language the C-suite understands along with the language of the IT specialists.

As organisations leverage the positives that are derived from Industry 4.0, there is no doubt creating and strengthening a Cyber Intelligent Organisation is a must.

Build a strategy and make choices

Our experience has taught us no one has unlimited resources, so we have enabled organisations to create a cyber strategy that makes the right choices. Defining where cyber fits into your organisation and getting your operating model right, with appropriate governance, rules, and responsibilities, is the foundation that will greatly assist in managing and responding to cyber risks.

Based on the experience of our 6,500 cyber experts, our 31 global Cyber Intelligence Centres (CIC), and our four 24/7 Managed Service centres around the world, we believe organisations must create strategies and plans to Secure the organisation, while remaining Vigilant to attacks and threats. Finally, organisations need to build a Resilient plan, so they are able to recover from a breach.

If you want to discuss how we can help you change out of your outdated summer wear and into a more appropriate, and fashionable, winter jacket, please get in touch.

This article was originally published in Business Class magazine (October 2018 – January 2019).

Karthi Pillay
Partner
karthi.pillay@deloitte.fi
+358 (0)50 3013 754

Read Karthi's previous blog post:
Cybersecurity belongs on every CFO's agenda
