As we enter 2017, this will be the year in which the potential cracks in the pillars of the knowledge economy start to show. The increasing role of Application Programming Interfaces (APIs) in providing the ‘joins’ of our connected economy, the rise of automated 3-D printing, new data-protection legislation and consumers’ unwillingness to share their data with breached businesses are just some of the main catalysts.
The glue that binds the digital economy could come unstuck
Until now, there has been very little talk of APIs in the context of cybersecurity. However, this will start to change as they become the ‘joins’ of the connected economy; enabling software and systems to interact as never before, uniting millions of businesses, products and services as they all drink together in the pool of ‘open data.’ Transport for London’s open API already powers over 500 new travel apps, while the Amazon Echo’s API could allow you to connect everything from your kettle to your car.
Yet by enabling different software to become fully interoperable, APIs will increasingly provide a potential pathway for cyber-attackers to hopscotch across every sector of the economy. Crucially, one of the potential consequences of APIs resides in the fact that all businesses, software and systems are only as secure as the weakest link in the API chain.
For example, one vulnerable API in an App Store can allow hackers to take over millions of smartphones. This means that software design and information security will increasingly come together, as business begins to realize that there must be a common standard of cybersecurity enshrined at the heart of the design process across the entire conjoined software ecosystem.
The pillars of the Knowledge Economy are starting to erode
Data is the fuel of the digital economy, and companies are becoming more dependent on it to implement everything from personalized healthcare to optimized transport services. Yet the health and integrity of a data-driven economy is utterly dependent on the integrity of the data underpinning it; and that integrity will come under increasing scrutiny over the coming year.
As legislation such as General Data Protection Regulation (GDPR) compels companies to disclose yet more customer data breaches, we will see consumers increasingly falsifying the personal details they share online. This will consequently undermine the integrity of a data-driven economy.
Widely-publicized thefts of customer data are often presented as purely an issue of reputation for the companies involved, yet recent reports confirm that they are already causing customers to become increasingly distrustful about sharing their information with companies. In the future, they may actively withhold data from certain companies in the same way that people wouldn’t leave their valuables with someone who kept losing them. This will cause a major shift in attitudes, with businesses and governments increasingly recognizing that data security threatens the very foundations of the knowledge economy.
GDPR will put ‘responsibility’ firmly in the boardroom
In 2017, we will see a massive shift of responsibility from IT departments to boardrooms. The looming GDPR gives data protection regulators real teeth, with the ability to levy fines of up to four percent of global turnover for the preceding year. It will also affect both controllers and processors of data.
The law will finally place accountability for cybersecurity squarely on the shoulders of the board. The law requires the creation of a new role, the ’data privacy officer’, but makes it clear that the board has ultimate veto power over the privacy-management strategy and ultimate responsibility for the success of that strategy.
The legislation will also drive an increase in businesses seeking cyber insurance as protection, creating a new imperative for businesses to incorporate cybersecurity into their risk management strategy. These developments will help to advance cybersecurity as a permanent seat in the boardroom over the coming year.
The industrial supply chain will become the ‘data supply chain’
With 3-D printers becoming a part of many factory assembly lines for everything from drones to cars to the parts inside power plants, the millions of lines of code inside printable files will become the ‘data supply chain’ of the future manufacturing industry. Its advantages are huge, enabling companies to avoid outsourcing to overseas plants, to make many products cheaper and/or build far more niche, personalized products.
Yet over the coming year, we will begin to see a new threat – that of industrial sabotage by cyber-attack. There is currently no universal cybersecurity quality assurance built into 3-D printing software and printers to alert manufacturers if design specifications have been changed.
These changes could render the printed object less robust in use, more prone to fail or hazardous to health. For example, it could be possible to make a drone crash by hacking the 3D printer and changing the design of the propeller.
We will also see increasing calls for a common standard of cybersecurity built into software and 3-D printers at the design stage so that any malicious tampering with the data is immediately apparent. The digitalization of manufacturing—and the threat of products reaching the mass market with built-in flaws—means that cybersecurity can no longer be treated as an afterthought.
The growing convergence of industry will be mirrored in the cybersecurity profession
Industry 4.0 will see the internet increasingly obliterating old boundaries between industries and services as the Internet of Things (IoT) binds all together. There could be up to 20.8 billion connected devices by 2020 and the UK has allocated £40 million for the Internet of Things. The Smart Cities and Communities European Innovation Partnership has also been backed by €365 million of European Commission funding.
As the IoT and smart cities create an increasingly joined-up world, where everything from traffic lights to ambulances are linked together, this will drive a growing realization that cyber-attacks can no longer be confined to one sector. In a connected economy, a cyber-attack on one system can quickly flow across into others, and threat intelligence from one sector, such as energy, could have implications in another industry, such as the energy supply chain.
As a result, the cybersecurity profession will increasingly begin to converge and share intelligence across sectors and industries. Companies are already beginning to call for cross-sector co-operation, and the GDPR will spur even more cross-sector cybersecurity co-operation, as every part of the data supply chain from the processors to the controllers, will now be legally accountable for the protection of data.
This could herald a new era where the cybersecurity profession is based on co-operation rather than competition.