埃森哲-保护数字经济报告（英文）-2019.3-49页.pdf

SECURING THE DIGITAL ECONOMY Reinventing the Internet for Trust04 BUILDING ON TRUST 08 WHY THE INTERNET CANT SUSTAIN THE DIGITAL ECONOMY 12 The Internet Just Cant Keep Up 13 The IoT Effect 14 Identities in Crisis 15 No Flow Versus Free Flow 16 The Cost of Insecurity 17 Keeping Tabs on Cybersecurity Investments CONTENTS18 STEPPING UP TO MAKE A STAND ABOVE GROUND:BUSINESS INITIATIVES 21 Governance Join Forces with Other Companies and Govern Globally 26 Business Architecture Connect and Protect with a Business Model That Runs on Digital Trust BELOW GROUND:THE INTERNETS INFRASTRUCTURE 31 Technology Advance Businesses and Enhance Safety Through Technology35 PAVING THE WAY FOR A TRUSTWORTHY DIGITAL ECONOMY37 APPENDIX43 ACKNOWLEDGMENTS45 SOURCES47 ABOUT THE AUTHORSOmar AbboshGroup Chief Executive,Accenture Communications,Media&Technology Omar is responsible for the companys US$8 billion business serving the digital platforms,media,telecommunications,semiconductor and consumer electronics industries.Omar brings three decades of experience to his role,and his experience and deep connections in Silicon Valley enable him to stay ahead of key shifts across multiple technologies.AuthorsKelly BissellSenior Managing Director,Accenture SecurityKelly leads the companys US$2 billion security business across all industries.As a recognized cybersecurity expert,Kelly specializes in incident response,identity management,privacy and data protection,secure software development,and cyber risk management.Kellys vision is to help businesses embed security in everything they do.SECURING THE DIGITAL ECONOMY3SECURING THE DIGITAL ECONOMY4When a person creates an online account,makes a purchase from a website or downloads an app,its not just the exchange of data,goods or services taking place.Its a transaction in the ultimate currency:trust.Today,there is a real risk that trust in the digital economy is eroding.Why?The once open,global Internet has outgrown its original purpose as a communication and information-sharing tool.As the Internet has become more complex,digitally fueled innovation has outpaced the ability to introduce adequate safeguards against cybercriminals.Unless business leaders take effective action,there is a real risk that this lack of safeguards could reduce the growth of the entire digital economy,hurting both individual companies and the economy as a whole.CEOs are aware of the problem and have increased spending on cybersecurity in response to Building on Trust escalating cyberthreats.Companies have handled many threats with markedly successful results,but their efforts have not solved the larger problem of Internet fragility.Attackers need only a single lucky strike,while defenders must be constantly vigilant against any potential type of incursion.The fragile nature of the Internet is putting the value of the digital economy at risk,which is why CEOs need to end their piecemeal approach and put trust and security at the forefront of business strategy.SECURING THE DIGITAL ECONOMY5For a practical framework that can help safeguard the Internets future,leaders should look to an analogy from the oil and gas industry.Oil and gas executives spend much of their time determining how to maximize productionwhich often means focusing on the engineering and technology solutions that largely operate“below ground.”However,innovative extractive technologies are only part of the equation.Executives also have to address the many challenges related to business and operating models,strategy,politics and economics that exist“above ground.”Another above-ground action CEOs can take is steering what we call business architecturea companys own business model and value chainin a direction that makes their own enterprise secure.Examples of actions that can be taken include committing to giving data access only to people who need it and who have the right credentials.Importantly,they should extend their commitment to making their own enterprise secure to their partners,applying the same standards to their entire business ecosystem.And they should ensure that the very idea of a trusted digital economy is embedded in all future business models.Similarly,securing the digital economy will take more than fixing Internet technology and network issues below ground.There are also clear opportunities for CEOs to step up on the above-ground business initiatives.So,what can business leaders do above ground?CEOs can own and drive a secure Internet as a critical component of their business strategies.One key above-ground action would be improving governance.CEOs need to join forces with other top executives,government leaders and regulators to develop principle-based standards and policies to safeguard the Internet.In an analysis we conducted with 30 leading technologists,and additional fieldwork with 1,700 C-level executives,we uncovered concrete actions CEOs can take to begin the crucial work of securing the digital economy.SECURING THE DIGITAL ECONOMY6To some CEOs,above-ground decision-making opportunities may seem more accessible than below-ground choices,but leadership is needed in both,even from CEOs outside the technology sector.All CEOs also have the opportunity to influence and inspire technology infrastructure investments below ground.By making decisions to update everything from devices to cables and networks,CEOs can support the complexity and connectivity of todays Internet while also promoting security.These technology decisions present the third concrete way CEOs can proactively secure the digital economy.CEOs should Building a trustworthy digital economy will take decisiveand,at times,unconventionalleadership from the C-suite.Where should they start?By working collaboratively with each other.If they follow the roadmap detailed on page 7,leaders could bring back the confidence needed in the Internet for individuals,organizations and societies to innovate and grow.embrace new technologies that can advance their businesses and enhance digital safety.Meanwhile,they should elevate their understanding of how the same technologies can introduce unintended vulnerabilities.But the CEOs whose businesses focus on the Internet itself have an even greater responsibility:They can concentrate explicitly on promoting innovation in the Internets infrastructure.Their actions resolve inherent vulnerabilities,enable growth and prepare for the advent of quantum computing,which will present new opportunities and threats.BANKGovernance:Join Forces with Other Companies and Govern Globally74 percent of business leaders say solving the cybersecurity challenges of the Internet economy will require an organized group effort.Business Architecture:Connect and Protect with a Model Run on Digital Trust80 percent of business leaders say protecting companies from weaknesses in third parties is increasingly difficult given the complexity of todays sprawling Internet ecosystems.Technology:Advance Business and Enhance Safety79 percent of business leaders say the rate of technology adoption and innovation has outpaced the security features needed to ensure a resilient digital economy.ABOVE GROUNDBELOW GROUNDHow Leaders Can Address Internet Security:Above ground,the strategic initiatives of CEOs can lead to standards and best practices.Below ground,through innovative technology improvements,CEOs can invest in improving the Internets infrastructure.Standards and Best PracticesTechnology InvestmentsSECURING THE DIGITAL ECONOMY7WHY THE INTERNET CANT SUSTAIN THE DIGITAL ECONOMYSECURING THE DIGITAL ECONOMY9Without trust,the future of our digital economy and its nearly limitless potential is in peril.Piecemeal efforts to address cybersecurity issuesincluding the Internets inherent flaws,vulnerabilities from the Internet of Things(IoT),identity and data veracity and increasing digital fragmentationhave fallen short.Through their decisions above ground on industry-wide governance and their business architecture and technology infrastructure below ground,however,CEOs can have the influence necessary to collaboratively address these overarching issues.Many of the issues affecting todays Internet are due in part to its rapid growth in both users and applications.The entire digital economy is now dependent on the Internet.At the same time,while businesses,individuals and societies are increasingly connected,those connections are also becoming more complex.In 2007,there were 1.2 billion Internet users.In 2017,there were 4.2 billionmore than half of the global population.1 The number of IoT-connected devices will likely reach 25 billion by 2021.2 By 2024,Long-Term Evolution(LTE)networks(also called 4G)will cover an estimated 90 percent of the population,with 5G networks covering about 40 percent.3 Handling these connections requires more lines of code,more data and more capacity.Without a more resilient and trustworthy Internet,a single breach can have serious,cascading effects.For example,the 2017 NotPetya cyberattack cost Maersk more than US$300 million,and the damages to all other companies affected totaled more than US$10 billion.4Against this backdrop,with computers and networks so deeply embedded in critical infrastructure such as water supply and public health systems,the risks to both the economy and public safety are high.Consider the impact of the 2017 WannaCry cyberattack on the United Kingdom National Health Service(NHS).It led to the cancellation of 19,000 appointments and the diversion of ambulances,and ultimately cost almost 100 million.5Yet 79 percent of our respondents reported that their organization is adopting new and emerging technologies faster than they can address related security issues.SECURING THE DIGITAL ECONOMY10Exhibit 1:Dependence on the Internet is Growing While Confidence in Internet Security is Low and Forecast to Drop to 25 percent Over the Next Five Years.Even as 68 percent of CEOs report that their businesses dependence on the Internet is increasing,they acknowledge that their confidence in Internet security,already low at 30 percent,will drop even lower if nothing changes to improve it.In the next five years,the confidence level in the Internet is forecast to drop to 25 percent,while dependence on it is assumed to remain at 100 percent.(See Exhibit 1).Nearly 80 percent of the S&P 500 companies in our analysis have also mentioned cybersecurity initiatives during recent earnings calls.6 Five years ago,that figure was just slightly more than 50 percent.As the Internets fault lines are becoming more apparent,companies are trying to build trust equity and are publicly discussing ways to do so.However,only a relatively small percentage of companies are willing to openly discuss breachesan above-ground issue that CEOs need to address.(See Exhibit 2).100%2008100%90%80%70%60%50%40%30%20%10%0%201320182023Dependence on Internet23%10%76%25%30%19%Confidence in Internet100%Source:Accenture ResearchCompany mentions of cybersecurityCompany mentions of security breachesPositive sentiment toward cybersecuritySECURING THE DIGITAL ECONOMY11201320142015201620172017100103101106113117282524252631733334435335734535836837838318276294Exhibit 2:S&P 500 CEO Sentiment Toward Cybersecurity(Based on Transcripts from 11,418 Earnings Calls)Note:Each year is computed as trailing 12 months from September of the previous year to August of the current year.For example,2018 includes data from September 2017 to August 2018.Source:Accenture Research 4904403902902403405565758595105115125Sentiment Change(2013=100)Number of companiesHow did todays problems of Internet security originate?The Internet was not initially designed to address issues like perpetually increasing levels of complexity and connectivity.It was developed to enable high levels of data sharing,which requires trust.Researchers during the Cold War aimed to build a trusted communications network underground that could withstand a nuclear attack.Their concerns did not include preventing cyberattacks,largely because modern forms of cyberattack did not exist at the time.The Internet Just Cant Keep UpAs the Internet evolved from a military asset to an open infrastructure,security considerations,such as they were,focused on preventing physical failures.Today,many of the base Internet protocolsthe set of rules embedded in code so all machines on a network or series of interconnected networks“speak”the same languageare unfit for current demands and are insecure.This has led to increasing challenges below ground that CEOs should address.Consider the Border Gateway Protocol(BGP),a protocol that has been in use since 1994.BGP routes traffic through cables and connections among services providers,countries and continents.But BGP traffic is vulnerable in transit.In 2017,traffic to and from 80 Internet service providers(ISPs)was briefly routed to an unknown Russian operator,showing how easy it is to reroute information,whether intentionally or accidentally.7Other systems widely utilized on the Internet,such as the Domain Name System(DNS)and the Public Key Infrastructure(PKI),which underpins much of the encryption utilized on the Internet today,are similarly vulnerable to potential attacks.SECURING THE DIGITAL ECONOMY12The IoT EffectMore recently,the rise of the IoT has expanded the surface area of attack for enterprise networks from thousands of end pointsincluding remote devices,such as mobile phones and laptopsto several million for the largest companies.At the same time,the IoT compels all companies to suddenly manage what are often unfamiliar technology processes,where every connected device is a potential vulnerability.Take the case of an attack suffered by a North American casino.The casino had an Internet-connected fish tank that fed the fish automatically and monitored their environment.Hackers managed to use the fish tanks connection to break into the fish tank monitor and then use this as an entry point into the companys systems.The data was then sent to hackers in Finland.8 While the IoT has increased digital capabilities,improved efficiencies and unleashed growth opportunities for a wide variety of industries,it has also suddenly created complexity for all businesses,leaving them more vulnerable.SECURING THE DIGITAL ECONOMY13The“most fundamental challenge”facing business and society is around identity,according to Amit Mital,founder of Kernel Labs and former chief technology officer(CTO)at Symantec.But the challenge of authenticating identities and confirming the integrity of data on the Internet also presents a key opportunity for the C-suite to renew trust in the digital economy.Mital comments:“No individual has a single identity that they use in the digital world.This fragmentation requires too much effort for the individual to ensure consistency,reliability and security.As a service provider,if I cannot trust in the digital identity of a person,then that precludes me from providing services that I Identities in Crisis might want t