Blogs

Don’t panic, risks in IoT can be managed and the cyber world can be secured

May 18, 2016

Posted by: George Malim

Dr Patrick Dixon

The massive proliferation of threats and the shifting nature of risk were highlighted at the recent WeDo Technologies Worldwide User Group Summit 2016 in Lisbon, Portugal. Among the presentations and discussions at the event, Dr Patrick Dixon, a futurist and founder of Global Change Ltd., examined how threats will alter and why traditional approaches won’t work. George Malim reports from Lisbon.

“Benchmarking is toxic to risk management,” Dixon began, pointing out that so many organisations rely on comparing themselves to industry standards or adopting specific processes and actions. The toxicity comes because the world has changed and accelerated and benchmarking is too slow and too reactive to handle new risks at the scale and pace that they present themselves.

Dixon pointed out that business destroying events happen in less time than an organisation can call a board meeting let alone come to a decision. These could be so-called co-incidental risks such as natural disasters or they could be risks that should have been identified and prepared for.

The sheer diversity and volume of threats facing businesses has proliferated to such an extent that traditional risk management approaches simply can’t keep up. In a dynamic presentation Dixon pointed out that, according to Symantec, there are 180bn spam emails a day, 600 trojans, malware and viruses each day, more than 220 million people’s data can be lost in a single attack, there are 100,000 attacks on the US Navy each hour and that 70% of large organisations have been hacked.

Risk, therefore is bigger than ever and it’s not just the headline events that present a threat to organisations. “The new emerging risk is not system failure, it’s that the system becomes too slow to meet users’ needs,” said Dixon.

The damage of reputational risk is starting to be recognised, although organisations have some way to go in fully addressing this emerging area. There’s a sense that complying with legislation will be enough but Dixon warned that while proving compliance might be enough for legislators, it won’t be enough for users,

“Cybersecurity has become a reputational risk as well,” he said. “Risk management is moving beyond compliance to be not just about the rules but about the spirit of the rules.”

The good news, for WeDo’s customers, most of which are telecoms operators although the company is starting to provide revenue assurance systems to companies in different industries, is that Dixon sees operators becoming more and more integral to the Internet of Things and the digital ecosystem. He detailed that as operators become banks, they’ll be in a better position to prevent fraud than traditional banks.

“The telco knows now when fraud happens, the bank knows yesterday,” he said, although there’s clearly room for them to become better at analysing their data to pre-emptively combat fraud. That integrated ecosystem of revenue assurance, risk management and fraud prevention should cut across companies and industries so fraudsters can be chased across countries and methods of attack.

“There’s a need for partnership and collaboration,” Dixon said, pointing out that while there might not seem to be an investment appetite for combating cyber attacks, huge resources exist.

Dixon explained that, while the machines are coming – robot sales are growing by 7% per annum in manufacturing – they will need to be secured. The money needed to achieve this through investing in new technology and services exists. $3.4tn is sitting in China, which is waiting to invest in attractive new opportunities and a further $2.4tn is sitting in the developing world, poised to be invested.

The lesson, then for WeDo’s audience should be that new approaches to revenue assurance and risk management will be required to address the new threats. Equally important though will be to take a new approach to these disciplines to take account of the new economy. For risk professionals, when told there isn’t sufficient investment available, there’s a clear argument to make that the capabilities are essential for all businesses and the cash to make it happen exists, at least somewhere in the world.