The impact of tech innovation on cyber security

Technology is released into the hands of consumers through two distinct ways: finishing and polishing the product before it hits the market, or the more popular route of releasing early and releasing often. Led by tech giants Apple and Microsoft, this iterative philosophy is tied to building a brand-following by putting innovation at the forefront. It sounds like a win-win; businesses are able to launch more products more frequently, and consumers receive digital breakthroughs as they arise. If there is a bug in the software, an update is launched to fix it and, likewise, if there is a new, improved feature. The business is able to essentially conform to the users’ needs as they evolve. This all sounds well and good, but is there a trade-off?

By now, we’ve all heard the horror stories tied to data breaches and cyber-attacks that have resulted in many European companies receiving penalties in connection with GDPR. As companies subsequently take proactive measures to improve cyber security, simultaneously the number of organised hacking groups are increasing and their tactics are getting bolder. When innovation takes priority over users’ security, people are put at risk. In this new digital age, is the fast-tracked route to market still savvy enough?

Apple as food for thought

In late August 2019, it took Apple a week to release an emergency fix to a vulnerability allowing malicious hackers to take control of all Apple computers, mobile devices and TV set-top boxes that were running the latest version of the company’s software. A billion users internationally were placed in a compromising position. There is an ethical and legal obligation for all products, tech or otherwise, to be fit for purpose. Whether its hardware or software, if its material or codebase is faulty and puts users at risk, the onus is on the manufacturer to rectify any wrongdoings. Apple being Apple meant that there wasn’t any long term damage to its brand, but for lesser known brands, this type of breach could severely impact their business. 

More innovation means more threats

Now is the peak of technological disruption and this exciting period is expected to last throughout the next decade, as new innovation rapidly emerges and gets introduced into society. Let’s take a look at some of the latest advancements: artificial intelligence; virtual reality; cloud computing; strategic automation; internet of things; voice search; facial recognition; 3D printing; robotics; drones; blockchain; autonomous vehicles; smart buildings… the list goes on and on.

Innovation is improving lives and transforming how business is conducted. But as technology advances, so does the realm for hacking. When cloud storage was released, hackers rejoiced as more valuable details were accessible on the internet, making their ‘jobs’ easier. All of these recent tech innovations provide new gateways for hackers to connect and explore the ins and outs of its users. Without layers of security that are on par with the capabilities of these hackers, users’ data will be an open book. 

Cyber security skills gap

There is a general digital skills shortage globally, and cyber security skills are a particular challenge, since the role profile constantly changes to reflect breakthroughs in new tech and user requirements, as well as laws and legislation. This means the cyber security workforce needs to constantly be re-educating themselves and tweaking their approach to mitigating risks before they arise. And what one organisation deems cyber security, another will weigh heavily on the other side of the spectrum; the terms ‘cyber security’ and ‘threats models’ can often be subjective. There aren’t any formal qualifications for cyber security or trade governance and, like most of the tech industry, there is a lack of diversity.

Security software developer

Malware-attacks reached an all-time high at 10.52 billion last year, according to the 2019 SonicWall Cyber Threat Report. And with this many threats, it’s no surprise that organisations are being breached at an unprecedented rate. Up until recently, many leading tech companies were solely reliant on their coding teams to build resilient systems. However, as hackers become more proficient and the consequences of launching vulnerable systems more stringent, the need to add an extra layer of cyber security is essential.

Specialist developers and analysts are increasingly being introduced into software development workflows to implement security-friendly scripting languages, and provide advanced knowledge of API security. For each phase of the software development lifecycle, these specialists conduct security and defence measure  analysis, and introduce countermeasures to ensure the end product is strong and reliable. They’re also actively upskilling architects to code in new ways and approach solutions differently.

The role of an ethical hacker

Cyber criminals are not just tapping into loopholes; they have sophisticated skills and are capable of decrypting some of the world’s most advanced systems. Their coding concepts are light-years ahead of the average coder, and they’re fuelled by criminal gain. The best way to outwit a hacker is to join them, or at least think like one. Ethical hackers know how to find and exploit vulnerabilities and weaknesses in various systems—just like a malicious hacker. In fact, they both use the same skills however, an ethical hacker uses those skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can get there. 

An ethical hacker’s role is similar to that of a penetration tester, but it involves broader duties. They break into systems legally and ethically. This is the primary difference between ethical hackers and real hackers—the legality. Ethical hackers are usually brought in to review systems after they’ve been hacked to showcase vulnerabilities, or before a product is launched to ensure it is fully ready for the public.

As digital leaders, it’s our responsibility to manage the risks that come with the rewards of innovation.  Advances in digital technology, particularly in the fields of AI, machine learning and IoT, will continue to unlock a wealth of new services, industries and business models. Digital transformation is built on a foundation of trust of which cyber security is an important part. If done right, digital transformation should improve a company’s security position, not detract from it.