Ritesh Guttoo, EY Africa Cyber Leader, said: “The digitalisation trend is good and helpful to companies as long as it is done responsibly. But it does bring a whole new world of cyber risks and resultant security demands to small business and large, sophisticated organisations alike.
“Simply put, it dramatically increased the attack surface for cybercriminals who seem to be ever more ambitious and inventive.”
He said that risks were growing because digital work was no longer just the remit of the “techies and IT team”, but rather any end-user with the introduction of low-code and no-code development.
“What was once only the domain of specialists with tech backgrounds is no longer the case, which means sensitive data is now much more widely spread across an organisation - and relatively easier to access by the bad guys,“ Guttoo added.
The increasing use by businesses of bots, which are software programs that operate on the Internet and performs repetitive tasks, AI (Artificial Intelligence) and machine learning has also created new digital risks.
Said Guttoo: “For example when someone joins a company, they will often get an automated welcome e-mail not from a real person but a bot. And increasingly employees will interact with bots and AI for a host of functions in the workplace. But what is the ethical line on what bots and AI should suggest and execute? Are the algorithms sound and without prejudice?
“They are certainly effective, time saving tools for companies but need to be closely monitored as humans increase their interactions with machines.”
Another driver of rising security risk is Work from Home and Work from Anywhere - trends likely to persist even as some companies have introduced hybrid working and slowly return to the office.
“Before we left the office in response to lockdowns, organisations would typically have firewalls, network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules.
“But now people are working on their own devices from all sorts of places, they are effectively bringing in their workstations to the work network.
“Work networks now have to be considered as a ‘zero trust’ network, meaning organisations can no longer consider their internal networks safe,” he noted.