The Internet of Things (IoT) is taking the internet into everything that impacts our lives — from engineering to health, banking to transportation. It is the future of digital connectivity, data accumulation and system efficiencies.
Cyber security in the context of smart cities is something that is being widely discussed — in the wake of unprecedented levels of digitisation across sectors. The definition of a smart city is relatively flexible and open to debate, but a common link between all interactions in a smart city is that they involve risk at some point. Whether it is driverless cars, digitised banking services, smart government services, or any business that offers automated services, are increasingly under the threat of cyber-attacks. A number of cities globally are looking at developing smart city cyber architecture — that is designed to ensure cyber security, legal and privacy compliance, considerations by embedding it into the design of its connected infrastructure and smart citizen services.
Businesses in the UAE and the wider region have not focused on cyber security traditionally. KPMG’s 2016 CEO Outlook Survey found that over 25 per cent of UAE CEOs viewed cyber security as a top three risk but only 7 per cent of UAE CEOs felt cyber security was an area of priority.
As the UAE presses ahead with its smart city agenda, boards of directors and senior management are becoming more aware that cybercrime is a risk management issue that affects the entire organisation, and that they should have specific plans in relation to cyber security which will not only eliminate risks but also facilitate growth avenues.
Assessment
The recent high profile attacks have resulted in a heightened cyber risk awareness in the region. This is prompting more organisations to assess their own internal cyber security frameworks. Organisations are realising that compliance-oriented risk assessment is no longer going to keep hackers at bay.
They are therefore moving from compliance-oriented risk assessment to cyber intelligence-based risk assessment. For instance, at a recently concluded cyber event held in the city, a major bank operating in the UAE announced that they had identified potential threats they face and the strategies they use to counteract them.
Organisations must focus on cyber intelligence or sophisticated data gathering mechanisms including finding the identity of the attacker, exploiting techniques and attack life cycle that can then help create more advanced threat management tactics. They can also subscribe to highly reliable commercial feeds which could help mitigate the cyber security risks.
Collaboration between sectors to ensure preparedness is also crucial. In this regard, the UAE set up the National Electronic Security Authority (NESA), to develop, monitor and supervise the implementation of cyber security standards across the UAE’s critical information infrastructure. NESA is instrumental in setting up a robust collaboration platform for organisations to share their risk and incident data without any confidential attribution.
This collaboration and knowledge sharing will be crucial as the UAE looks to achieve its smart city vision in the next few years, especially as it is encouraging the private and public sector to create collaborative networks. Internationally, it is with this intention that the three biggest banks in the US — J.P. Morgan, Bank of America and Goldman Sachs — formed a partnership that involves sharing information to ensure that a threat that appears against one entity can be contained quickly through intelligence.
The partnership will also make it possible for the three banks to jointly prepare and test-run cybercrime fighting tactics.
Cyber intelligence
In conclusion, making certain that cyber security earns its share of importance requires a change in the risk assessment framework that helps mitigate attacks while pursuing strategic growth opportunities — including making cyber intelligence a part of the wider risk assessment framework. This means creating an environment where the directors and senior leaders look at every business opportunity through a cyber-security lens.
Progress has been made in this regard but there is much more to do, especially in terms of investments. More broadly, businesses would benefit from the UAE smart city agenda but the vision will only be realised by forming strategic partnerships and collaboration between industry sector and peers on sharing critical information that are helping to effectively combat attacks. It is only then that a business can wield their cyber security capabilities as a competitive advantage.
The author is Associate Director, IT Advisory at KPMG Lower Gulf.
