Digitalisation without the use of modern technologies? Inconceivable! With cloud computing, the Internet of Things is rapidly becoming part of our everyday life. It seems like magic that we can call up practically everything known to man with tools that fit in our pocket. With a few clicks we can summon items to our front door that are produced at the other end of the world. So far so good. However, nobody seems to be interested in the fact that the technological structures of the digital world are shaky and insecure.
This is precisely how Frank Rieger of the Chaos Computer Club (CCC) sees things. On Spiegel Online he explains the fragility of the foundations of Industry 4.0 by means of the following comparison:
The pillars of the world in the dawning digital age are crumbling. The technologies on which the networking of everyday life and the flows of information that drive the economy are based are more like temporary wooden frames than solid steel constructions. Generally everything functions – provided no-one jolts on the boards or saws through a beam.
Avoid flying blind during digitalisation
These digital wooden frames result in all sorts of security loopholes. They are the result of poorly written software. Programmers make errors – this much we know. However, it is frequently the case that IT management in German companies is, consciously or sub-consciously, heading towards unknown risks. Our study on the topic of digital security proves this. One third of all IT decision-makers in Germany are even implementing technologies when the IT risks are completely unknown.
Dr. Gerald Spiegel, Head of Information Security Solutions at Sopra Steria Consulting finds this insight shocking: “The fact that such a large number of IT decision-makers are, as it were, flying blind in their approach to digitalisation is worrying. The behaviour within the manufacturing sector is particularly rash – and this in spite of the fact that industrial plants increasingly fall victim to cyber attacks.” The prospects facing a digitalised economy are far from good if German companies are exposed to the danger of cyber attacks, in some cases with no protection whatsoever.
Digital negligence in German companies
The lack of initiative in many companies when it comes to protection against cyber attacks is disastrous. According to our study, this is the opinion of 85 percent of IT decision-makers. The fact that it is in particular board members and managing directors that play down the risk of cyber attacks is, given the liability risk, incomprehensible. Here the companies are fully aware of the digital weak points. And it is conceivable that their dependency on digital systems will continue to grow exponentially. Maintaining a high rate of innovation while simultaneously reducing IT costs just doesn’t work.
Adjusting investment in digital security to suit the rate of innovation
But how can you convert wooden structures into steel? When driving forward the digitalisation and automation of processes, companies should err on the side of caution. This includes pushing the introduction and implementation of a company-wide IT security strategy. This strategy must lay out the most important information security objectives and the principles for their implementation.
The IT security strategy should also address trends and new technologies. And this must take place on a continuous basis. The IT department must ensure that a security concept is submitted to the specialist department prior to an application or IT system “going live”. Furthermore, security-relevant programming errors can be avoided through the use of secure programming languages. Penetration tests for applications and IT systems – following a release change for example – are another important security component.
Digital excellence built on digital security
The digitalisation of the economy brings with it new and far-reaching challenges regarding the digital security within a company. Cyber attacks on IT infrastructures are becoming increasingly more complex and professionally executed. And they happen on a daily basis. Defensive measures are costly and require time. However, they are beneficial and necessary. Promoting a slower, but more digitally secure approach within IT departments and in front of board members certainly isn’t cool, but in the long term it is definitely the better strategy.
What are your thoughts? Leave a reply below or contact me by email.