Graham Croock, Director, BDO IT Advisory Services, BDO Johannesburg
South African businesses are, for a large part, uninformed and risk averse towards securing IOT. Enterprise, industrial and commercial IoT is a sticking point for business, particularly in South Africa, where boards of directors and senior executives are not yet knowledgeable about the benefits of IoT. This causes them to be exceptionally averse to risk, but this is changing as younger and more informed “Tech Savvy” executives are being appointed to boards.
Smart devices, connected using the internet to massive cloud data centres, have stimulated digital businesses in many industries. The IoT is just a component of the connected architecture but one, which is absolutely necessary for collection of data. Consider the impact, apple watches made on Discovery’s Vitality Active Rewards Programme which sets the scene for significant development in Hyper-Personalisation. Business technology architecture will in the near future be dependent on the deployment and implementation of products, services and platforms, which are capable of adapting to changing client needs. The use of integrated sensors, real time data analytics and artificial intelligence with embedded learning is about to become the mechanism for service industries to predict and react to fast moving client requirements. As this connected scenario matures,
IoT devices will naturally contribute significantly to the increased potential for a cyber-attack. This increased complexity of integration enhances the requirements for additional risk control procedures, tools and processes and emphasises the need for board members to enhance their understanding of the connected digital architecture used by their businesses.
Cyber Security threats have increased exponentially over the last 12 months due to a number of significant aspects:
- Scale of data
- Dependence on data
- Complexity of systems
- Budget constraints affecting implementation of appropriate controls.
The biggest issues in securing IoT for a business are budget constraints and the lack of knowledge about the systems and controls that are required for industrial systems which get affected by IoT devices. These include PLC’s (Programmable Logic Controllers) and API’s (Automated Programmable Interfaces), which have interfaces with Linux, Unix and other operating and application systems.
The association of big data with data created and or collected using IoT devices highlights the need by business for sophisticated artificial intelligence (AI) which will allow businesses and executives to understand data patterns in a meaningful way.
Many South African companies don’t get as far as having a defined strategy for IOT usage and implementation. When they consider IoT usage, usually the first thing they address is the lack of budget and cost of control. Unfortunately, the benefit does not drive the strategy, and strategy is driven by the cost; leaving us well behind the rest of the world.
Boards and Executives have generally not kept up to date with advancements in IOT Technology and thus, have insufficient knowledge which directly impacts on their level of trust and appetite for the use of IOT Technology. Costs associated with the Cost of Control “CoC” affect the level of take- up of IOT technology in SA. South African companies cant protect themselves by relying on protection methodoogies deployed by large organisations in advanced economies.
Board members and executives must decisively define and appreciate what digitalisation and connected IoT architectures mean for their businesses in local terms.They must realize and appreciate the severe threats associated with their local service offerings and customise risk management approaches for enhanced resilliance and sustinability.
As processing power, data accessibility and sophistication of algorithms increase, so will reliance by business on IoT, big data and artificial intelligence. It is no longer a matter of “If” but rather “When” as businesses that fail to recognise the impact of IoT, Big Data and artificial intelligence and their associated relationships will fail to be profitable and will soon be extinct.
Risk based strategies need to be the foundation for planned implementation of IoT projects and digitalisation. Without consulting specialists like BDO CyberLab and qualified engineers to perform risk assessments and vulnerability testing, the security design has a higher chance of failing, and with such weak designs, the control mechanisms will introduce breaches.
Read more BDO Insights