Cyber issues, whether provoked by an external source or due to an internal failure or negligence, are an integral part of the risk set any organization has to stay aware of today. This is going to be one of the main conclusions of the report CCI and iTTi are jointly working on these hot summer weeks. Therefore, in all cases, criteria regarding risk tolerance levels (including the ones bound to the acceptance of residual risk) should be put into force by those individuals who have the authority to do so. They are none other than the organization's management and, ultimately, governance teams (i.e., the board of directors). In any case, as MIT's Prof. Peter Weill declared a few years ago, it is not enough to establish a governance system (risk-related criteria, this time); it must also be followed. Otherwise the whole decision-making system of the organization would prove fruitless.
The statements above become truly relevant at a time when cyber is gaining attention among bad actors, to the point that cybercrime is overtaking traditional forms of crime. The industrial sector, where the digital systems controlling operational processes are becoming the new battlefield for cyber-attacks, knows it well. One example is the water sub-sector, which is currently preparing for cyber-attacks given the increasing threats. Another example comes from the automotive sub-sector. The infotainment systems onboard modern connected cars, as well as their self-driving sub-systems, are making vehicles an actual nightmare for anyone whose car is stolen. In such a situation you will be losing not only a car [your car], but a complete data logger with part of your life recorded on it.
Maybe such an undesired possibility is the reason some manufacturers (Fiat Chrysler Automobiles could be a good example) are starting to focus on software quality as part of their current and future manufacturing programs.