At the most basic level, digital transformation involves using digital technologies to change a business process to become more efficient or effective. It can involve many things, whether it’s process automation, a new website, improved user experience, or a migration to the cloud. The idea is to use technology not to replicate an existing service in a digital form, but to transform that service into something significantly better. Does your organization have a digital transformation strategy in place?

A recent study by Mordor Intelligence valued digital transformation at US$263 billion, and it is projected to reach US$767 billion by 2026. Since the COVID-19 pandemic, unpredictability has become the new normal in nearly every sector of business. Gartner’s forecasts indicate that IT spending will reach US$4.4 trillion this year. Leveraging digital transformation can help businesses build resilience to accelerate their growth, remain competitive, and take advantage of unique market opportunities.

Broad Culture Shifts for Companies

Changing business processes and corporate culture are just as vital to the success of digital transformation as the technical implementations. Company culture can heavily impact employees’ perception of change, and an unresponsive culture can result in wasted time and money. 

According to an article on ZDNet, there are five skills every company needs to achieve successful transformation: 

1. Digital fluency – Depending on the industry, digital fluency can range from a basic knowledge of Microsoft Suite to an in depth understanding of cloud computing.
2. Data analytics – Data analysis skills are needed to process data and use it in a way that’s both permissible and productive.
3. Digital marketing – Marketing skills are essential in engaging your customer base and ensuring a product’s financial success.
4. Cyber security – Cover potential risk areas by hiring those with cyber security skills
5. Leadership – Company leaders should possess a multitude of “soft” skills, such as expertise in communication, influence, empathy, and strategic thinking.

Digital transformation is about investing in a complete transformation of the business to increase the competitiveness and value of the organization. To increase the growth and ROI of technology investments, companies must be proactive in developing a digital transformation strategy that details the intended transformation of processes, work styles, and more.

Creating a More Sustainable Business

Digital transformation has played a key role in enabling remote working. There is a growing focus on leveraging IoT technologies to drive a seamless experience for the employees while creating carbon-neutral office spaces. Digital transformation has also helped employees to focus less on manual, monotonous activities and instead channel their efforts into more purposeful work thereby enabling a better work-life balance.

Sustainability and digital transformation initiatives impact one another in tandem. A sustainable business model alongside a digital business model makes sense, because transforming business processes to be more data-driven and efficient inevitably improves sustainability. Companies should start by renovating their economic models, work processes, and communication paradigms. 

Start Your Digital Transformation Journey

It’s important to prepare for your organization’s digital transformation journey beforehand. Check out Digital Transformation: Moving Toward a Digital Society, a five-course program from IEEE that provides the background knowledge needed to smartly implement digital tools into organizations.

Contact an IEEE Account Specialist to get organizational access.

Check it out for yourself on the IEEE Learning Network.

Resources

Charpentier, Laurent. (23 August 2022). Decades Into The ‘New’ Millennium, Finance Teams Still Struggle With (Lack Of) Digital Transformation. Forbes.

Ene, Carmen. (25 August 2022). The Next Frontier of Digital: Technology as A Sustainable Business Asset. Forbes.

Ganapathi, Chidambaram. (8 August 2022). Digital transformation is paving the way for a sustainable workplace. The Times of India.

Kenkare, Pallavi. (10 August 2022). Digital transformation: Top 5 skills you need to succeed. ZDNET. 

Ramalho, Tiago. (22 August 2022). Why You Can’t Have Digital Transformation Without Sustainability. Readwrite.

Samuels, Mark. (5 August 2022). What is digital transformation? Everything you need to know about how technology is changing business. ZDNET.

Williams, Daniel. (18 August 2022). How CIOs can approach digital transformation investments to increase value. TechRepublic.

In recent years, the automotive sector has undergone several rapid changes, including connected and autonomous vehicles, advanced driver assistance systems, and smart transportation. Although they have increased driver comfort and safety, these innovations are also associated with technological challenges—especially in the areas of data privacy and cyber security. According to The Business Research Company, the automotive cyber security market size is expected to reach US$4.16 billion by 2026, growing at a rate of over 19%. The good news is that automakers are adding hardware and software for better cyber defenses. The bad news is that criminal hackers are gaining more advanced capabilities. Furthermore, there are now more attack surfaces to hack and exploit.

It is important not to undersell the scale of this potential cyber attack problem. In 2021, only 32% of all American cars were “connected,” sending and receiving data on a regular basis. By 2025, that number may top 50%. Then in another ten years, the percentage of new US vehicles that will be connected is predicted to hit 95%. This expands the cyber attack playing field from just under a third of all new vehicles to almost all new vehicles.

Types of Attacks

One clear trend is the growth of remote hacks, which includes both web-based and nearby wireless attacks such as key-fob hacks. Remote hacks make up the majority, now accounting for about 85% of attacks. Upstream, a cyber security and data management platform, revealed that cyber attacks on cars have soared 225% in the last three years. They found that the most common automotive cyber attacks saw a data or privacy breach, followed by car theft or a break-in via the car’s wireless key fob mechanism.

“Without effective cyber security, everything from the infotainment system to the engine control unit is at risk. The issue is that the move toward connected, autonomous vehicles is outpacing automotive cyber security measures and regulations,” explained Charles Griffiths, Head of Technology and Innovation at IT of website AAG. Once carjackers enter a car with a cloned key, they can hack the engine control unit to turn the engine on and drive away. For cars in motion, hackers can tamper with settings like the auto brake or steering, potentially causing a serious accident.

Upgraded Technology Comes with New Threats 

The push towards more sophisticated levels of autonomy in the automotive sector is a challenge for security. Adding data-exchange and GPS signal-guidance to vehicles benefited drivers, but the extra technology increases the potential for significant cyber attack. Signals and data are weaknesses that we have intentionally introduced into vehicles in the last 20 years in favor of end-user benefits. And so far, these benefits have massively outweighed the risks.

Signal attack vectors are predicted to narrow over the next 20 years—making it harder for attackers and safer for drivers. Data interchange density problems and security weaknesses still exist, making vehicles the next version of the email hack (where there is unsecured data, there is money to be made from stealing that data). Currently, the responsibility for ensuring any such hack is unsuccessful is split between the individual vehicle component manufacturers, the overall vehicle manufacturer, and the seller of the vehicle. With the responsibility net unclear, unhardened security, and a vast array of potential data-targets, you have near perfect conditions for hackers.

Changing How We See Vehicles

Many technology-savvy people are very protective of their data. They’ll install the most impressive data security they can afford on their computer system, monitor their credit cards for fraud, and take other security measures. However, historically, people haven’t needed to think of their cars as a data-risk. As such, there isn’t a huge demand for ruggedized data security in vehicles. The connected car changes the very nature of what a car is, and mitigation of data-theft from connected cars has yet to mature. Until it does, high security is likely to remain a paid-for add-on for the foreseeable future.

Focus on Automotive Cyber Security

As the automotive industry continues to produce connected and autonomous vehicles, there is a need to better understand the safety and security of this technology. Automotive Cyber Security: Protecting the Vehicular Network is a five-course program that aims to foster the discussion on automotive cyber security solutions.

Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization.

Interested in the course for yourself? Visit the IEEE Learning Network.

 

Resources:

Bradley, Tim. (28 June 2022). Cyber attacks on cars up 225 percent: how hackers could be targeting your vehicle. Express.

Fyler, Tony. (21 July 2022). Cyber-Attack Vectors in the Automotive Sector – Part 1: Signal Attacks. TechHQ.

Fyler, Tony. (21 July 2022). Cyber-Attack Vectors in the Automotive Sector – Part 2: Data Attacks. TechHQ.

FWM. (August 2022). Evolution of the automotive sector – data privacy and cyber security. Financier Worldwide Magazine.

Juliussen, Egil. (29 June 2022). Automotive Cybersecurity: More Than In-Vehicle and Cloud. EE Times Europe.

Liao, Rita. (25 July 2022). Real Driverless Cars Legal in China’s Shenzhen. TechCrunch.

MRH. (27 July 2022). Smart Transportation Market Segments, Opportunity, Growth and Forecast by End-use Industry 2022-2030. This Is Ardee.

Straits Research. (25 July 2022). Advanced Driver Assistance System Market Size is projected to reach USD 57.90 Billion by 2030, growing at a CAGR of 18.3%. GlobeNewswire.

TBRC Business Research Pvt Ltd. (20 July 2022). Automotive Cybersecurity Global Market to Grow at Rate Of 19% Through 2026. EIN Newswires.

Not all hackers are criminals. In fact, ethical hackers – security experts who infiltrate networks and computer systems with authorization from their owners – are increasingly being hired to identify vulnerabilities in cyber security systems, and helping organizations stop cyber crime before the attacks happen.

The need for ethical hackers is rising alongside increasing waves of cyber crime. According to  Accenture’s recent State of Cybersecurity Resilience report, cyber security attacks grew 31% between 2020 and 2021, with organizations receiving 270 attacks in 2021. IBM’s “Cost Of Data Breach Report,” published last year, found that such breaches cost businesses an average of $4.24 million USD, the highest recorded in the report’s 17-year history. 

According to Indeed.com, an ethical hacker’s job consists of three main roles:

• Assessing security: Periodic assessments that include seeking vulnerabilities and suggesting ways to reduce risks
• Threat modeling: Identifying what areas to focus on when securing the system (evolves alongside new applications and circumstances)
• Documentation: Reporting findings with clear, well-written documentation

Ethical Hackers Say Industrial Sector Must Evolve on Cyber Security

One area where ethical hackers are increasingly needed is the industrial sector. As ComputerWeekly reported, a team of ethical hackers from the Netherlands recently won the Pwn2Own international hacker contest for spotting weaknesses in a number of industrial control systems. With the industrial sector currently undergoing a digital revolution, such vulnerabilities could potentially unleash wide-scale security breaches.

The ethical hackers, Daan Keuper and Thijs Alkemade, who won the same contest last year for identifying weaknesses in a widely-used teleconferencing platform, unearthed five vulnerabilities in applications used to manage systems or control communication. What they discovered revealed that the industrial sector’s tradition of separating IT and OT networks is no longer sustainable, since machines and equipment in a digitized industrial controls system will all be connected.

The industry will not easily solve this problem. Much of today’s machines and equipment are old and ill-equipped to handle modern security needs. Moreover, the IT network typically acts as the primary security source. Once breached, the OT network vulnerabilities make it “relatively easy to take over machines, modify processes or bring the whole thing to a standstill – with far-reaching consequences,” Alkemade told ComputerWeekly.

Keuper compared current security strategies to a castle surrounded by a moat, wall, and gates. 

“That works really well if you only have one or two drawbridges, because you can guard them well,” he said. “But in today’s digital networks, you have like a thousand drawbridges. That’s impossible to monitor or secure.” 

What can the industrial sector do to make their networks more secure? According to Alkemade and Keuper, IT and OT network professionals must start working together to better understand security needs. Because IT and OT have conflicting interests, with IT prioritizing confidentiality and OT prioritizing availability, the hackers concluded that this will require the industry’s culture to evolve.

As systems and networks become more connected, cyber crime is guaranteed to get worse. Is your organization aware of all the potential vulnerabilities in its network? Consider hiring ethical hackers or training your technical team to find them.

Supporting IT Departments

Aimed to assist businesses understand the weak points in their cyber security infrastructure, Hacking Your Company: Ethical Solutions to Defeat Cyber Attacks is an eight-course program from IEEE. It is ideal for mid/advanced technical professionals across all industries in IT, computer science, and related fields, as well as executives who need a working knowledge of ethical hacking.

Contact an IEEE Account Specialist today to learn more about training your organization using this course program.

Interested in learning more about this topic for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Loohuis, Kim. (31 May 2022). Industrial systems not safe for the future, say Dutch ethical hackers. ComputerWeekly.com.

Indeed Editorial Team. (17 May 2022). How To Become an Ethical Hacker (2022 Guide). Indeed.

(2021). State of Cybersecurity Resilience 2021: How aligning security and the business creates cyber resilience. Accenture.

A number of new laws – recently passed in Europe, China, the U.S., and Brazil – are presenting an urgent need for organizations to develop data privacy policies. Not only are these laws creating compliance concerns, they are also compelling organizations to start embracing data privacy as a core value.

How Can Organizations Establish Data Privacy Policies As A Core Value?

According to Kevin Shepherdson, CEO and Founder of Straits Interactive, a leading data privacy consultancy in Singapore, transformation around data privacy needs to start with an organization’s leadership. Senior leaders need to clarify that their organizations take data privacy seriously. They should provide the necessary resources to institute a data protection management program (DPMP). This also should include training their staff around such programs.

“We often see data breaches being described as ‘human error’, which is unacceptable to regulators and should not happen where there is sufficient staff training and strong ‘tone at the top,’” Shepherdson writes in CPO Magazine. “As important as initiating the DPMP is sustaining it. The organization must maintain compliance efforts by educating stakeholders about its data protection policies. This includes conducting regular data privacy audits and regular risk assessments.”

How Can Organizations Successfully Implement a Data Privacy Program?

Stu Sjouwerman, founder and CEO of KnowBe4, which develops security awareness training and simulated phishing platforms, offers the following four recommendations for organizations that want to implement a successful data privacy program, which he originally outlined in Security Magazine:

1. Be inclusive of every department in your organization: Data security impacts every facet of your organization. Each department likely processes data in its own way, so it’s important to include each department, process, and vendor in your data privacy plans.
2. Track your practices using documentation: Documenting your data privacy practices as you go along will give you valuable perspective into how your practices deliver value and risk. “Map out your entire data lifecycle (using data flow diagrams) and the process each department uses to collect, store, access, use and share consumer data,” writes Sjouwerman. “Outline the organization’s legal and contractual obligations and the process with which end users can manage their privacy rights.”.
3. Go Beyond Compliance: Organizations have a tendency to see legal and compliance obligations as “a checklist of items that need to be crossed.” According to Sjouwerman, this is a common mistake. Instead, he suggests looking at privacy as your users’ fundamental right. Your organization’s compliance practices must work to uphold this right.
4. Continuously re-assess your data privacy practices: No organization stays the same. Departments, processes, vendors, products, and people change over time. As such, it’s important to regularly assess your data privacy practices to ensure they are evolving with your organization. According to Sjouwerman, this involves undergoing a Data Protection Impact Assessment. He says this will help “identify risks proactively and reduce the likelihood of any impact to the organization or its customers.”

With data privacy laws becoming more common, privacy policies are no longer a consideration – they are a necessity. Is your organization equipped with the knowledge to implement a successful data privacy program?

Data Privacy by Design

Privacy has emerged to be a critical aspect of our increasingly digitized world. Technological innovations are progressively becoming more intrusive into our personal lives attempting to extract sensitive personal information. This is often detrimental to an individual when any breach or spillage of data leads to a severe impact such as financial loss or identity theft.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program. It provides a framework on how to operationalize privacy in an organizational context. It also covers how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Resources

Sjouwerman, Stu. (22 March 2022). Data privacy in 2022: Four recommendations for businesses and consumers. Security Magazine.

Shepherdson, Kevin. (18 March 2022). Data Privacy in 2022: Navigating the Ever-shifting Terrain. CPO Magazine.

From healthcare to supply chains, the decentralized nature of blockchain has the potential to fundamentally restructure the way organizations do business. Once fully implemented, it will also make the internet far more secure against cyber attacks – and give users greater control over their personal data.

How Does Blockchain Make the Internet More Secure?

Centralized networks are often vulnerable to cyber attacks because they tend to have few IP addresses, which hackers can easily penetrate using relatively simple schemes such as phishing. Once in, cyber criminals can do extensive damage, as recently demonstrated by waves of ransomware attacks costing companies an average of $4.24 million USD. However, the decentralized nature of blockchain presents a possible solution, as these complicated networks are far more difficult for hackers to access.

“For those blockchain solutions utilizing proof of work validation methods (such as bitcoin), hackers have to gain control of a majority of nodes to compromise ledger transactions — something that is, by design, computationally expensive,” Robert Napoli, a business strategist who writes about cybersecurity and digital transformation, wrote in Forbes. “This computational cost can be extended to other types of operations in a security scheme, reducing the need for a trusted central authority.”

Transitioning internet domain name servers (IDNs), which link web browsers to websites, to the blockchain, for instance, would disperse resources “to multiple nodes, making it infeasible for hackers to control the database,” Napoli adds. He noted that blockchain can be secured even further with the help of artificial intelligence technology.

Blockchain, Decentralized Identity, and Digital Identity Wallets

Aside from making networks more secure, blockchain technology can also give users a decentralized online identity that shields their personal data against breaches. According to Deepak Gupta, a cyber security innovator, tech strategist, and cofounder of LoginRadius, writing in VentureBeat, a decentralized identity “is based on a trust framework for identity management. It allows users to generate and control their own digital identity without depending on a specific service provider.”

With a decentralized identity (DID), users have digital “identity wallets” that store proof of their identity in a single location, which they can use to grant or deny access to third parties on the network. Not only do identity wallets give users an easier, more secure way to share their information, they also give users greater power over their own data.

According to Gupta, authentication through decentralized identity and blockchain include the following steps:

1. 1. The identity wallet contains the user’s verified identity details, including their name, age, address, education, employment details, and financial data. This creates a foundation of trust and confirms the user is eligible for authentication.
   2. The decentralized identity feature uses the public key associated with the private key and publishes it onto a distributed ledger like blockchain.
   3. As the decentralized system delivers the public key to the blockchain, the identity wallet receives a unique decentralized identifier representing the user across the internet.
   4. The user shares this identifier with the service provider to get authentication.
   5. The service provider seeks the shared identifier in the blockchain. If and when this is found, the blockchain then sends matching data to the application. The user then completes authentication by adding a signature using a private key.

The service provider application verifies authentication, allowing the user to take action.

The decentralized nature of blockchain has the potential to revolutionize cyber security, but will also come with radical changes. Is your organization prepared to take on this complex technology?

Designing Blockchain Solutions

Get practical guidance for how to design a blockchain solution with the IEEE five-course program, A Step-by-Step Approach to Designing Blockchain Solutions. Developed by experts, this course program recaps the basics of the technology; the expected benefits of a blockchain solution; how a solution would benefit a prospect company; and more.

Contact an IEEE Account Specialist to learn more about how this program can benefit your organization.

Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Gupta, Deepak. (5 March 2022). Decentralized identity using blockchain. VentureBeat.  

Napoli, Robert. (4 March 2022). How Blockchain Could Revolutionize Cybersecurity. Forbes. 

Despite a rush of new data privacy regulations around the world, many organizations have yet to transform the way they collect user data. However, due to the digitization and interconnectedness of modern-day businesses, those that wait to transform their policies may soon find themselves in trouble.

“Waiting even a year or two to start building out a compliant data privacy and management program will cost more, take longer, and be more disruptive to your business operations than having to adapt strong, existing processes to legislative and cultural changes,” wrote Jodi Daniels, CEO of Red Clover Advisors, an organization that assists companies in simplifying their data privacy practices, in Inc.com.

Alternatively, organizations that start building the new regulations into data privacy programs “have a unique opportunity to market themselves as a forward-thinking, consumer-friendly industry leader,” she added.

Three Rules That Should Replace Your Current Data Privacy Practices

As organizations come under increasing pressure — both from regulators and the public — to transform their practices around data collection, they will need to start adapting new rules. Writing in Harvard Business Review, Hossein Rahnama, an associate professor at Ryerson University in Toronto, and Alex “Sandy” Pentland, the Toshiba Professor of Media Arts and Sciences at MIT, recommend that organizations should put:

1. Trust before transactions: Many organizations currently collect troves of consumer data without obtaining user permission. However, as regulations become the norm, “data collected with meaningful consent” will become the most valuable data— given that it will become the only data that organizations will be allowed to use. As such, organizations will need to start creating processes in which they obtain explicit permission to obtain data, as well as a plan that clearly communicates with customers how their data will be used.
2. Insight before identity: Organizations also need to make data transfer processes between themselves and other organizations more secure. Instead of transferring data through traditional data agreements, they should consider adopting technology like federated learning and trust networks that use algorithms to obtain insight from data without having to transfer the actual data.
3. Flows before silos: Currently, chief information officers and chief data officers tend to work in silos. However, making the above changes should help them be able to break free of silos. By working with each other, they can better achieve a shared goal of obtaining the best possible insight from customer data.
   
   “For instance, a bank’s mortgage unit can secure a customer’s consent to help the customer move into their new house by sharing the new address with service providers such as moving companies, utilities, and internet providers,” explain Rahnama and Pentland. “The bank can then act as a middleman to secure personalized offers and services for customers, while also notifying providers of address changes and move-in dates. The end result is a data ecosystem that is trustworthy, secure, and under customer control.”

Is your organization ready to deal with the growing onset of new data privacy regulations? While you may think it’s smarter to watch and wait, preparing for them in advance is the best way to avoid potential problems in the future.

Data Privacy Training for Your Organization

As privacy grows in importance, the need for technical professionals to possess strong knowledge in the area also grows.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program that provides a framework on how to operationalize privacy in an organizational context, how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Resources

Daniels, Jodi. (3 March 2022). Why You Shouldn’t Wait to Build Out Your Company’s Data Privacy Function. Inc.com. 

Rahnama, Hossein and Pentland, Alex “Sandy.” (25 February 2022). The New Rules of Data Privacy. Harvard Business Review.

As the 2022 Winter Olympics began, so too did increased concerns over security. While no threats have been detected so far, the FBI has warned that various cyber criminals could try to take advantage of the Olympics. Their aim may be to “make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals,” Tech Radar reported. 

Among the FBI’s major concerns is that these potential attacks could result in breaches to Olympic participants’ and workers’ personal information. The agency warned those involved to use a VPN and consistently monitor networks and endpoints. Furthermore, they should review security policies, user agreements, and patching procedures.

Organizations Fined Under the European Union’s General Data Protection Regulation (GDPR)

As we reported in a previous post, European agencies are issuing hefty fines on organizations they claim are failing to comply with the GDPR. In January, France’s data protection agency, the Commission Nationale de l’Informatique et des Libertés, fined Google and Facebook $210 million USD for allegedly violating the GDPR. Later, Austria’s Data Protection Authority found that the use of Google Analytics violates the GDPR. 

Given the widespread use of Google Analytics, this decision is expected to have a far-reaching and powerful impact. According to the International Association of Privacy Professionals (IAPP), the decision is the first of 101 complaints filed across EU nations by NOYB, an advocacy organization. 

The group alleges that the companies’ use of Google Analytics was not in line with the requirements for the Court of Justice of the European Union’s “Schrems II” ruling on data transfers. (Declared in July 2020, that decision invalidated the EU-U.S. Privacy Shield agreement. This is a framework for regulating transatlantic transfers of personal data for commercial use between the United States and the EU.)

According to the ruling, Google is collecting and transferring users’ personal data to the U.S. without shielding data from U.S. government surveillance. It also found that steps taken by the company to protect users, such as data encryption, were not enough. Some experts fear the decision could make legal data transfer between continents difficult, if not impossible. 

“In the absence of a breakthrough in Privacy Shield negotiations, data transfers – and consequently international trade – between the EU and U.S. face a bleak future,” says IAPP Senior Fellow Omer Tene. 

More Organizations Fined

The IAPP also reported that Belgium’s Data Protection Authority recently slapped IAB Europe, an association for the digital marketing and advertising ecosystem, with a €250,000 fine. The authority is claiming that IAB’s Transparency and Consent Framework (TCF), followed by many advertisers in the EU, does not comply with the GDPR. Among its accusations, the authority has claimed that IAB Europe acted as a data controller, which the organization denies. It also accused IAB Europe of failing to comply with a number of requirements under the GDPR. These include appointing a data protection officer, establishing a legal basis for processing, and performing a data protection impact assessment. IAB Europe has just two months to show that its framework is compliant with the rules. On 11 February, IAB Europe confirmed that it will appeal the ruling.

While data privacy laws can be confusing, one thing is clear: organizations that fail to comply with them can expect big penalties. Is your organization ready to deal with these new laws?

Data Privacy Engineering

As privacy grows in importance, the need for technical professionals to possess strong knowledge in the area also grows.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program. It provides a framework on how to operationalize privacy in an organizational context. It also covers how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Ethical transparency is critical to an organization’s success and it must be included in digital environments. Successful digital environments require rigorous ethical standards that incorporate honesty, impartiality, protection, security, and privacy.

AI Standards: Roadmap for Ethical and Responsible Digital Environments provides instructions for a comprehensive approach to creating ethical and responsible digital ecosystems. Contact an IEEE Content Specialist to learn more about how this program can benefit your organization. Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Fadilpasic, Sead. (2 February 2022). FBI warns Beijing Winter Olympics could be a big target for cyberattacks. TechRadar.

Bryant, Jennifer. (2 February 2022). Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations. IAPP.

Bryant, Jennifer. (20 January 2022). Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’. IAPP.

(11 February 2022). IAB Europe to Appeal Belgian Data Protection Authority Ruling. IAB Europe.

Since 2020, waves of ransomware attacks have battered both private and government sectors. To combat this, the U.S. government has released a strategy aimed at pushing federal agencies to boost their cyber security efforts. 

According to CNN, the plan aims to integrate a “zero-trust” approach to cyber security, a philosophy which dictates that a network should trust nothing outside its confines. Under this approach, federal employees will have to go through numerous layers of security to sign into agency networks. It will also require organizations to keep a complete inventory of electronic devices on their networks.

The plan, announced in a memo by the Office of Management and Budget at the end of January, comes on the heels of a cyber security executive order signed by U.S. President Joe Biden in May 2021. Agencies will have until the end of 2024 to meet these requirements. 

The U.S. government is also taking steps to secure the country’s water supply, which, according to The Washington Post, spans 150,000 water utilities. As reported by ZDNet, the Industrial Control Systems Cybersecurity Initiative — Water and Wastewater Sector Action Plan will set up a leadership task force from across the water utility industry, launch incident monitoring pilot programs, enhance information sharing, and offer technical support to water systems that need assistance. 

Survey Finds Three Major “Perception” Gaps Between Security-Focused Executives

The private sector is also taking steps to prioritize cyber security. However, according to the Global Cybersecurity Outlook 2022, which surveyed more than 120 global cyber leaders, there are some differences in how security-focused executives perceive cyber security matters within their organizations. According to the World Economic Forum, these “perception gaps” include: 

1. How much cyber security is prioritized in business decisions:
While 92% of surveyed business executives thought cyber security is “integrated into enterprise risk management strategies,” only 55% of security-focused executives agreed.

2. Obtaining cyber security support from leadership:
While 84% of respondents said cyber resilience is seen as a business priority in their organization that is supported and directed by leadership, only 68% saw it as a major component of their risk management. Many leaders charged with cyber security reported they were not being consulted on business decisions. This disconnect could become a problem that could detrimentally affect security. 

3. Recruiting and retaining cyber security professionals:
59% of respondents said it would be challenging to respond to a cyber security incident due to their teams lacking skills. As such, most respondents saw recruiting and maintaining talent as their biggest challenge. However, business executives seemed “less acutely aware” of the gap between the skills possessed by staff and the skills needed. 

Given these findings, executives should take steps to ensure they are incorporating the perspectives of their cyber security leadership in business decisions, and should also ensure they are prioritizing cyber security in all aspects of their decision making. 

Improving Cyber Security in Your Organization

Are you facing perception gaps that are hindering your cyber security practices? What are your cyber security resolutions for the coming year and beyond? Having the proper tools and systems in place can prevent data breaches and cyber crimes. As the world becomes more automated, it’s crucial for your organization to understand available cyber security measures to protect its data and devices. Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques.

Contact an IEEE Account Specialist today to get access to the course program for your organization.

Interested in learning about getting access to the course for yourself? Visit the IEEE Learning Network to learn more.

Resources

Lyngaas, Sean. (26 January 2022). White House attempts to strengthen federal cybersecurity after major hacks. CNN.

Bissell, Kelly and Pipikaite, Algirde. (18 January 2022). What you need to know about cybersecurity in 2022. World Economic Forum.

If you thought your digital transformation was going to be a slow-moving transition, think again. According to a recent research report from Information Services Group (ISG), the COVID-19 pandemic has expedited enterprise digital transformation by three to five years. Also, it’s a major trend in modern business fueling demand for technology and service providers, reports by Help Net Security.

“The pandemic has forced enterprises to explore new ways to enable remote work, manage supply and demand and remain competitive,” Prashant Kelker, partner and America’s leader, ISG Digital, told the publication. “Providers are supporting transformations that involve not just technology but a company’s entire operations and organization.”

How Can You Ensure Success for Your Organization in 2022?

Below is a summary of four Do’s and Don’ts for starting your digital transformation, according to Rajan Sethuraman, CEO of LatentView Analytics, originally published in Enterpriser Projects:

Focus on security:
With thousands of organizations transitioning to remote and hybrid office environments, many are at risk of cyber attacks. These new online environments mean that IT departments will have an even more difficult time making sure their employees aren’t falling prey to phishing and other scams. Organizations need to prioritize security with processes such as auditing employees’ remote work equipment and retraining them on IT guidelines for remote work as needed.

Don’t begin your digital transformation initiative without relying on your data:
Because your data is key to knowing where and how to start your digital transformation, it can guide you on how to make the best use of your resources and prevent bottlenecks in your workflow. 

Establish an effective, long-term hybrid work model:
With the ongoing pandemic, there is a good chance that hybrid work will become a new normal. It’s important to think about how to make your hybrid work model effective. For example, how will  your employees work together across different time zones? Also, how frequently will you require them to come to the office?

Don’t underestimate customer experience:
Digital transformation and customer experience are deeply entwined. Be sure to keep customer experience central to your transition. Consider where in the process you can enhance customer service. For example, creating a more “robust and organized database” will allow your customer service team to better respond to customers. To do this, you need deep knowledge of the customer journey. This means familiarizing yourself with every aspect of the customer experience, so you can make improvements as necessary. 

Your organization’s efforts are almost certain to face setbacks and uncertainty, especially as the pandemic continues to trigger unexpected supply chain and labor force hiccups. Staying focused on what you know while learning to navigate the unexpected will be essential to the success of your transformation.

Prepare Your Organization for Digital Transformation

Get your organization ready for digital transformation. The IEEE five-course program, Digital Transformation: Moving Toward a Digital Society, aims to foster a discussion around how digital transformation can transform various industries while also providing the background knowledge needed to smartly implement digital tools into organizations.

Contact an IEEE Account Specialist to get organizational access, or check it out for yourself on the IEEE Learning Network.

Resources

(11 January 2022). How the pandemic fueled enterprise digital transformation. Help Net Security.

Sethuraman, Rajan. (3 January 2022). Digital transformation: 4 do’s and don’ts for 2022. Enterpriser Project.

As modern vehicles grow increasingly connected, they are becoming a boon to cyber criminals in the process. According to the AV-TEST Institute, cyber attacks targeting vehicles increased to about 1.1 billion by the end of 2020. This is a significant rise compared to roughly 65 million a decade ago. 

A number of new standards, regulations, and best practices aim to help curb these attacks. Among these include 29 regulations from the United Nations Economic Commission for Europe (UNECE). In addition, there is the National Highway Traffic Safety Administration (NHTSA) best practices report. The SAE J3101 standard outlines hardware-protected security requirements for applications in ground vehicles. Moreover, the ISO/SAE 21434 standard is designed to safeguard vehicles from security risks across their lifetime. According to Security Boulevard, the new ISO/SAE 21434 standard specifies “various engineering requirements and recommendations.” It covers risk management in the concept, product development, production, operation, maintenance, and decommissioning of electrical and electronic systems in vehicles, components, and interfaces. This automotive cyber security standard is significant. It will spur automakers, suppliers, and product developers to adopt a vigorous cyber security culture.

What Will This Cultural Shift Entail?

The auto industry’s cyber security cultural evolution will consist of transformations that are both human and technical, according to Automotive World. 

Human:

Every employee will need a basic understanding of cyber security and techniques for reducing risks. This means that employees involved in vehicle design will have to undergo regular training. Select experts will need to oversee cyber security in various organizational divisions. Furthermore, special budgets for security will need to be developed, and new functions and features will need to undergo testing.

“Security has to be part of the thought process, but this is going to be quite a difficult transition for many organisations as it is a fairly new topic for the auto industry,” Dr. Dennis Kengo Oka, Principal Automotive Security Strategist at global software company Synopsys, told Automotive World. “This will require a cultural change to promote cyber security from the top down.”

Technical:

New technical solutions will help safeguard vehicles from cyber criminals. Additionally, there are services that help original equipment manufacturers and suppliers make more secure products. However, there will still be security challenges. For example, open-source software has saved time and money for the auto industry, but it also increases the chances of errors. These errors create doorways for hackers. For this reason, it is essential to bring in services that specialize in automating open-source software management that can help identify potential issues.

“Large automotive organisations cannot develop everything on their own, and in many cases those open-source software components are very beneficial,” said Oka. “The challenge in using open-source software is managing it; you need to know which components and versions are being used in your products and systems. Also, you must identify if there are any vulnerabilities associated with those versions.”

As hackers grow more sophisticated, so will the challenge of securing modern vehicles. By creating a sound cyber security culture across the automotive industry from the ground-up, automakers and suppliers can ensure their vehicles and products are trustworthy and safe.

Understanding Automotive Cyber Security

Prepare your organization to better comprehend the security aspects of the automotive industry. An online five-course program, Automotive Cyber Security: Protecting the Vehicular Network aims to foster the discussion on automotive cyber security solutions and requirements. This is important for both intelligent vehicles and the infrastructure of intelligent transportation systems.

Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization.

Interested in the course for yourself? Visit the IEEE Learning Network.

Resources

Neustadter, Dana. (5 August 2021). Protecting Automotive Socs Starts With Secure Ip. Semiconductor Engineering. 

Oka, Dennis Kengo. (19 July 2021). Practical solutions for a secure automotive software development process following ISO/SAE 21434. Security Boulevard. 

Holmes, Freddie. (14 July 2021). Automakers must champion cyber security. Automotive World.