Digital transformation is no longer an aspiration but a pressing reality.
From a technology viewpoint we are talking about:
- Automation of previously physically performed tasks; and
- Industrial control systems including building management, waste control systems, water management and logistics controls; and
- Internet of Things devices including CCTV cameras, payment systems, facial recognition systems and access control management; and
- Use of the above and other systems to collect large amounts of sensitive data; and
- Artificial Intelligence to provide reports that include dashboards and predictive intelligence.
Simply put, anything that is “smart” can be hacked.
This includes everything from smart TVs to phones and any other device that is connected to the Internet. Some of the threat vectors here are when:
- Connected devices are compromised and end up ceasing their operation; and
- Privacy infringements lead to identity theft and extortion; and
- Dashboard reporting and predictive intelligence are incorrect due to the manipulation of ‘big data.’
So why would anyone work to compromise these potential vulnerabilities?
There are many organisations that use cyber risk as a direct attack vector:
- Organised crime – Verizon’s Data Breach Investigations Report in 2018 estimated that more than half of the breaches they investigated were organized crime related;
- Foreign state sponsored actors – amongst other things, Australia’s alliances with the Five Eyes and organisations such as NATO and our immigration policies mean we are a target for these kinds of attacks;
- Corporate espionage – theft of IP and contract/tender details can provide competitive advantage;
- Identity theft – financial and even more malicious intents; and
- Morons – some people just want to see the world burn.
For councils, cybersecurity must be considered as one of the key foundations for a digital transformation initiative.
Councils are rapidly moving to increase efficiencies and there are many exciting projects underway that will improve the lives of constituents. To minimize the risks associated with digital transformation, councils should be aware of how complex it is to set up a good security function. Through our experience working with councils around Australia, we have observed that the below are the most important aspects they should address before embarking on a digital transformation project:
Any digital transformation projects should begin with a consideration of the risks of adoption and dependence on new and connected cyber technologies; and
- Very few organisations have experts in cyber risk for IoT/IIoT within their security team. Best is to find a 3rd-party service provider that understands the digital transformation projects, outline the risk before commencement and mitigate them throughout the projects and into the future; and
- In conjunction with the experts develop a clear cyber risk management strategy. Have this ratified at the highest levels of your organisation and use it as a roadmap; and
- If possible, create a proof-of-concept environment where a vulnerability and risk assessment exercise will effectively highlight risks so that they can be mitigated, from the beginning; and
- Before project commencement outline at least a 2-year plan to maintain the security of the project components. This can include threat and operational monitoring from a Security Operations Centre, ongoing security consulting work and a regular programme of vulnerability and penetration testing.
These basic steps will ensure that there is organizational alignment when it comes to securing your council and mitigating serious consequences from hacks – effectively helping councils focus on delivering on the promises made to its constituents.
Let’s embrace digital transformation and make sure we consider the cyber risks and how to address them before we adopt the efficiencies, convenience and reporting that transformation is providing.
CTRL Group and Allcom Networks are always ready for a conversation to help get you started and optimize your digital transformation journey.