Protecting against the changing cybersecurity risk landscape

Why is this trend important today?

This article is one of nine trends outlined in Deloitte's Future of risk in the digital era report. 

The rapid adoption of emerging technologies is greatly increasing efficiency while adding dynamic cybersecurity challenges for organizations. Cyberattacks have moved beyond identity theft and online account hacks. They threaten our code-enabled physical world—our homes, our cities, our infrastructure, and even the medical devices in our bodies.

A host of digital technologies, such as AI, automated botnets, Internet of Things (IoT), and cloud computing both facilitate attacks and defend against them at a scale, speed, and level of sophistication never seen before. New types of malware, such as automated phishing tools and crypto mining software combined with emerging technologies, are expanding the cyber risk landscape. Organizations must continuously revisit their cybersecurity measures to defend against the onslaught.

Back to top

Where has this trend had an impact?

• A software company lost millions in revenue after it fell prey to a malware attack that scrambled computer hard drives, which affected its order receiving and processing systems.

• Security researchers unveiled vulnerabilities in connected medical devices that can be exploited by hackers remotely to alter vital signs of patients in real time and potentially cause medical staff to make inappropriate critical care decisions.

• A financial services firm experienced financial losses due to a software glitch in its high-frequency trading algorithm that forced the company to automatically sell overvalued shares back to the market at a lower price.

Back to top

What does this mean for organizations?

• Invisibility of cyber risks for digital transformation leaders and other senior executives because cyber risk management is distributed among lower-level IT professionals and technology service providers.

• Increased complexity in addressing new cyber risk challenges as the adoption of digital technologies, such as IoT and cloud, have increased the attack surface.

• Greater difficulty in identifying intelligent malware as it learns to mimic normal user behavior to avoid being detected.

• More instances of impact on physical safety, especially as automated attacks compromise or subvert physical systems, such as home automation systems and even industrial infrastructure.

• Increased frequency of intelligent attacks on a large scale using AI and automation technologies delivered via the cloud.

Back to top

How can organizations respond?

• Create a culture of risk intelligence and security awareness by clearly defining security-related roles and accountability for business units and technology groups undergoing digital transformation.

• Restructure processes to support DevSecOps by integrating security as an integral part of the development lifecycle and incorporating automation where possible.

• Augment existing cyber risk programs to account for the risks to newly deployed technologies, as well as the increasingly sophisticated nature of cyberattacks enabled by emerging technologies.

• Speed the adoption of digital technologies as a means to reduce technology complexity, make cyber threat protection simpler, and reduce the number of potential attack targets.

• Improve automation of security operations, secure code reviews, and digital identity management to reduce human errors, rein in escalating costs, and speed detection and response.

• Run crisis war-gaming exercises to train everyone who would be involved in a real crisis to improve their confidence in being able to address a variety of cyber incidents and crisis events.
  

Back to top