Raising cybersecurity awareness designates a necessary step in successfully addressing cybersecurity issues of the 4th Industrial Revolution and forming ‘cyber intelligent’ leadership, workforce and citizenry.
Almost all organisations in the future will be digital, and 60% of all global GDP will come from digital sources by 2022, according to the World Economic Forum insight report Our Shared Digital Future.
The South African president, Cyril Ramaphosa, used recently hosted the World Economic Forum on Africa as a platform to announce that South Africa is holding its hopes on the economic potential of the 4th Industrial Revolution (4IR). He stated that the country is ready to embrace this revolution in order to curb and eliminate excessive unemployment, poverty and inequality. These hopes are partially based on the World Economic Forum’s claim that the 4IR could create 3 million more jobs across Africa by 2025.
Indeed, the perceived benefits of this revolution are numerous: from the utilisation of artificial intelligence and big data to autonomous vehicles and robotics. Generally speaking, we are nowadays witnessing a roll-out of 4IR technologies at an exponential rate.
While Ramaphosa’s reliance on the 4IR technologies is based on the scope for the creation of new jobs, driven by the emergence of new production and supply processes of goods and services, the net effect on jobs in an economy is dependent on the success of the country in terms of economic diversification and development of the skill levels of the workforce.
However, the consequence of a rapid introduction of modern technologies without having sufficient skills carries exponentially increased risk related to the safe and secure use of these technologies. Cybersecurity threats come in various forms and are increasingly threatening individuals, companies and national critical digital infrastructure. The introduction and development of the 4IR, particularly in the context of developing countries, will multiply these threats.
Although developing countries, such as South Africa, have introduced a number of legislative acts, the actual cyber protection seems to be lagging behind. For example, in July, a major electricity supplier in Johannesburg was hit by a ransomware attack, depriving millions of power. Also, the last month leaked UN Security Council report named South Africa among a number of countries targeted by hackers who infiltrated cryptocurrency exchanges, recently reported The Guardian. An estimated 570 suspected cyberattacks occur in South Africa every second, added the news outlet.
Both the 4IR technologies advancements and the cyber-attacks progressions are already happening at the lightning speed. However, very recent research, the State of Enterprise Security in South Africa 2019, conducted by World Wide Worx in partnership with Trend Micro and VMware, has revealed cybersecurity unpreparedness of South African businesses. Our own research also showed low cybersecurity awareness among the SA citizens, government officials and organisational users.
Awareness as the basic step in securing 4IR benefits
The World Economic Forum’s Future of Jobs Report predicts that leaders and organisations will need to understand and learn to harness four major technologies: the fifth-generation mobile networks (5G), cloud technology, big data and artificial intelligence (AI).
While we have a fairly good grip on cloud computing security, securing big data and the role of AI in cybersecurity are still fuzzy issues. Securing the 5G networks is even more uncertain as we do not have any practical experience with these still developing wireless networks.
However, the World Wide Worx report suggests that the emerging technologies linked to the 4IR offer more security opportunities than security risks, but many companies still do not perceive it that way. We have to add that government, its agencies and particularly citizens in South Africa are either not much informed about the 4IR issues linked to the cybersecurity that might enhance or jeopardize personal and national well-being.
Raising cybersecurity awareness, hence, designates the first step in successfully addressing cybersecurity issues of the 4IR. In other words, this should be an initial step in forming the ‘cyber intelligent’ leadership, workforce and citizenry.
In fact, there is an immediate need for improving cybersecurity culture at the organisational and societal levels in South Africa. The 4IR related cybersecurity awareness campaigns and programmes must include clearer guidance on what it means to be a ‘cyber-aware’ or ‘cyber intelligent’.
The advancement of the 4IR in South Africa (SA) might be, furthermore, imperilled by the carnet state of political, economic and societal affairs. A stagnant economy pushes for increased productivity and reduced costs, which are often realised through the deployment of modern ICT. Modernising economy through 4IR technologies, however, multiplies the possibility of cyber vulnerabilities. Unattended, due to unawareness or lack of skills, cyber threats can exuberate already questionable critical service delivery.
A while ago we have observed that possible tension between government and industry regarding responsibility for cybersecurity or between data protection and information sharing can also negatively impact on cybersecurity readiness of our organisations, government and citizens. If the current level of cybersecurity awareness persists, we can hardly expect many benefits from the 4IR.
Since the stake is too big to lose, we at VM Advisory believe that the introduction of the 4IR technologies must be accompanied with appropriate cybersecurity awareness campaigns.
South Africa already has the National Cyber Security Advisory Council, National Integrated ICT Policy, Protection of Personal Information Act, No 4 of 2013 (POPI Act), National Cybersecurity Policy Framework (NCPF) and Cybersecuirty Hub. This is all necessary and fine but now when President Ramaphosa is pushing for an accelerated introduction of the 4IR into South African economy and society – it is really time to act if we are to benefit from this, much-praised revolution.
It is, finally, worth of stressing again that weak cybersecurity can make benefits of 4IR null and void.