In recent times, digital transformation and the early stages of data and automation-driven economies as a result of ‘Industry 4.0’ has seen cybersecurity skyrocket high onto the priorities of boardroom meetings as companies innovate to deliver better customer experience.
It has not gone unnoticed that invoking an innovative cybersecurity culture with sound risk management principles will elevate cyber assurance and instill better confidence in product development lifecycles. Central to this shift is the acknowledgement that cybersecurity is not just a simple measure, but a strategy that needs to be aligned with business strategy congruently.
With the need for cybersecurity exerting more and more pressure even on long-established companies, some of them still find it difficult build the right level of expertise. Here at TÜV Rheinland, we believe that cybersecurity should also be seen as an investment in the future qualification of employees.
We got in touch with Mr. Urmez Daver, our Global Head for Industrial Cybersecurity in Digital Transformation & Cybersecurity, to give us his take on some of the key challenges in this realm, and some of the goals enterprises can collectively aim to strive for.
The dramatic expansion of digital capabilities, data, and devices, has created a larger surface area for cyberattackers to aim at – which should mean that the solution is in an expansion in the skills base. One of the main challenges here is the significant gap between the demand in skills, and the available talent.
TÜV Rheinland has been working with its clients to help them engineer cybersecurity and privacy into their product development lifecycle and also evaluate the effectiveness of measures that they have implemented for better managing cyber risks.
Technology alone, will not solve most, if not all the cybersecurity issues we have today. The right synergy between product development lifecycles, people, processes, and technology risk management will go a long way in creating products and solutions that are intrinsically secure.
The next few years
The rapid innovation and transformation that enterprises and their industrial technologies are undergoing are not going to slow down anytime soon, with the convergence of several technologies and regulatory developments like GDPR. Product and device manufacturers today have concerns around how their products and solutions interact with consumers/data processing infrastructure to deal with privacy tenets spelt by GDPR.
Despite developments such as the GDPR, the standards required to regulate security and privacy remain inadequate, and are often outpaced by new technologies and the evolving cyber risks. As the world has found out, the simple act of getting nations to agree on a common set of principles governing the privacy and cybersecurity realms presents a huge challenge by itself.
Having said that, government involvement in industrial IoT security for example is unlikely to gain traction quickly enough and would be better directed towards the regulation of breaches and security incidents in ways that make IoT makers take security more seriously. IoT will be an important test bed for the effectiveness of the GDPR.
Why work with TÜV Rheinland to improve privacy and cybersecurity
All in all, both privacy and cybersecurity requires better regulation and effective accreditation – the latter is something TÜV Rheinland can be engaged for through comprehensive testing, training, and consultation.
Our deep understanding of the markets and industries we serve, coupled with our unmatched depth of experience in solving complex safety, cybersecurity, privacy, and infrastructure challenges, makes us a credible partner of choice for organizations looking to mature and improve the risk posture of their products and solutions.
For more information, or to contact one of our experts, click below:
Expert Profile:
Urmez Daver is the Global Head for Industrial Cybersecurity Centre of Excellence at TÜV Rheinland and is also the Vice President for Cybersecurity Consulting services in Asia. He has more than 20 years of experience driving cybersecurity services business across different geographies. Over the past 2 decades he has witnessed the transformation of the cybersecurity landscape through the lens of his career starting with Digital Trust through PKI, Data Protection, First Generation of IT Security tools and services and an era which followed where the disciplines of Security Strategy, Architecture, Governance, Security Operations and Intelligence started becoming critical components to developing and managing a cybersecurity program for the enterprise. Currently is focused on the area of Industrial Cybersecurity driven by rapid digitalisation and convergence of emerging technologies, IoT, IIoT and embedded systems.