Privacy and cybersecurity enabling digital trust

The digital future relies heavily on digital trust, and organizations must align their privacy and cybersecurity strategy to meet the challenges it brings. But where is the root of this challenge? What do organizations need to understand? How can privacy and security measures be applied?
Overall context of digital trust in today’s digital economy
In the last three decades since the creation of the Internet, our lives, economies, and societies have changed dramatically, and the restrictions of the COVID-19 pandemic have accelerated the digital transformation even more. As seemingly endless new methods of online communication, commerce, and civic participation are being developed, the international community has become more acutely aware of a growing digital segregation due to economic, geographical, gender, social and educational inequalities that exclude some groups from the benefits of digital transformation. As such, we’ve seen several valiant efforts to bridge this gap from both governments and organizations. Yet the fight is unfair and unjust: as access and use increase, the digital risk ecosystem evolves, and the number of incidents related to data breaches, fraud and cybercrime rises globally and exponentially.
Clearly this is a problem, not only because bad things do happen in today’s digital economy but also because it discredits its whole ecosystem, undermining its implicit trustworthiness.
Digital Trust is a necessity in a global economy reliant on ever-increasing connectivity, data use, and new innovative technologies. To be trustworthy, technology must be secure (ensuring connected systems’ confidentiality, integrity, and availability) as well as responsibly used. The lack of assurances regarding these two aspects has led to a digital trust deficit. But understanding what measurable steps we can take to improve the trustworthiness of digital technologies through security and responsible technology use encourages stakeholders to prioritize the cybersecurity (including cyber resilience and security-by-design) and responsibility aspects of technology use (including, e.g., privacy protection, ethical and values-driven innovation, transparency in development, accountability, etc.) to rebuild digital trust. Because of a lack of security, alongside ethical lapses, lack of transparency, and other issues, distrust of digital technologies is increasing. Normative efforts to define some of the parameters of state-to-corporate digital trust are being developed, but they are still in their infancy.
To fully realize the potential benefits of internet access, we must match our investments in digital infrastructure, tools, and services with an equal investment in digital trust. Nowadays, digital trust plays a key role in how successful digital businesses are, as untrusted organizations will not trade, and consumers will not buy their products and services. Digital trust is the certainty that people have in the capacity of an organization to keep their digital data safe.
To invest in digital trust, what should organizations understand?
- That the investment is not optional, and that the prominent and distinct role that both privacy and cybersecurity play in the implemented trust model is due not simply to the value of security and privacy alone, but to their business impact as well.
- That the efforts to sustain trust ought to consider two sides:
  - Supply-side: how the business and its partners collaborate to understand the business requirements and their implementation in a global and heterogeneous cultural, economic and social digital world.
  - Demand-side: how users and customers understand the challenge, its risks and the consequent responsible behavior in the adoption and use of digital services and products.
How is the accelerated digital transformation affecting digital trust?
Today’s digital transformation, highly influenced by the COVID pandemic, has challenged the typical enterprise and turned it upside down, demanding flexibility but also business resilience in the current economic state that the world faces. These demands resulted in the digitalization of more products and services, displacement of employees and consumers to remote locations, changes in behavioral patterns and a shift in the cyber ecosystem, as more sophisticated and behavioral exploitation threats emerged. As the new normal settles in, all organizations will need to review the strategies they adopted, maintain an always-connected, 360° vigilant posture, and be clear about the business risks that remote users introduce, in order to remain secure and to build a culture of digital trust!
Traditional trust models are not enough to meet the security demands of digital businesses that are exponentially expanding thanks to the COVID-19 pandemic. Initially, the concept of digital trust was generally concerned with the implementation of security and privacy controls. However, the current context demands a sustained focus on the implementation of privacy and security controls so as to address the new digital context.
In which areas should privacy and security controls be implemented?
- Governance and Accountability: defining cyberspace digital ethics and strategic security and privacy principles, as well as appointing a Chief Trust Officer (CTrO) who will coordinate all organizational parties accountable in digital product and service design.
- Compliance: regulators are far more demanding; therefore, the way forward is to promote an integrated risk management framework that considers both privacy and cybersecurity, enables mitigation of risks from different jurisdictions, and certifies online services as a Seal of Trust.
- People-Centric Programs: designing structured training and awareness programs that will enable a homogeneous security and privacy culture across top-level management, employees and customers. There is a need to adjust how people work, communicate and share information securely.
- Third-Party Security Management: suppliers and partners play, more than ever, an important role in the trust model and are therefore to be monitored and assessed so as to manage the risks these parties introduce into the business processes.
- Identity Management: identity management has been around for a long time, but new technological controls addressing current access challenges, such as Zero Trust Security and PAM (Privileged Access Management) platforms, are key to mitigating unauthorized access to information.
- Cloud Security: companies have shifted their processes and businesses to the cloud as its benefits are huge: lower upfront costs, reduced ongoing operational and administrative costs, ease of scaling, increased reliability and availability, and a whole new way of working. Cloud environments are considered more secure than on-premises data centers because cloud providers have made, and continue to make, significant investments to ensure data protection. Yet it is at the contact points with on-premises infrastructures and users that further concerns should be addressed to manage security and privacy risks.
- Perimeter and Endpoint Security: extending perimeter security management beyond the traditional network perimeter to endpoint devices and users is crucial. EDR (Endpoint Detection and Response) solutions are the new technological platforms designed to address the challenges of user mobility and the remote approach to doing business.
- Next-generation SOCs: implementing next-generation SOCs that anticipate, automate and prevent security incidents by using user-behavior technology, artificial intelligence, machine learning and automation. Next-generation SOCs thus increase an organization's capacity to monitor and correlate data from more information assets and threat intelligence sources, resulting in a more efficient and clear understanding of its infrastructure's expected behavior.
Digital trust is the seal of approval in a digital economy
Our digital future highly depends on digital trust: digital accountability, transparency and ethics. Understanding the many different driving forces and trends and their implications is the first step to building successful policies and strategies for digital trust.
Organizations will need to align their privacy and cybersecurity strategy to address the current and future challenges that digital trust will bring to those in the digital economy. On the other hand, users need to be informed, empowered participants in the digital world, able to make their own educated assessment of how to engage with and what to trust online.
Carla Zibreira
Digital Trust Business Unit Director at Axians Portugal