Separator

A Cyber Threat Averse World: Building Digital Trust

Separator
R.V. Raghu, CISA, CRISC, is director of Versatilist Consulting India Pvt. Ltd., which is active in India and the Middle East. Raghu cofounded Versatilist, which provides consulting, training and auditing services in information security, IT service management, business continuity and enterprise risk management

The world is more cyber-based than ever, with the physical world bleeding into the digital realm and vice versa so much so that the borders are no longer visible. Many of us expect things in the physical world to continue into the cyber world, and over time, technology has given us the verisimilitude that has made us that much more comfortable dealing with this cyber world, built on a fragile foundation of trust. The challenge then becomes how this trust is built and sustained.

In the real world, trust accretes over time with humans building trusted relationships based on how others behave, speak and act. In many ways, building trust takes time, and cultural mores sometimes act as proxies for trust. Translating this into the digital world is an interesting conundrum.

There are many challenges that need to be overcome so that there is a foundation for trust in the digital world. First, in the digital world, we cannot always see the other party, but we are expected to trust them, which can be difficult for many people. Second, in most cases, the transactional nature of these digital activities happens quickly, meaning that trust needs to be built quickly in a way that also endures. Third, considering that often there are several vendors/ suppliers/layers in the digital world, there is a need to trust each of them individually and as whole, which also takes time. Then there is technology itself, which is a double-edged sword, both enabling trust and being a source of threat to trust. Finally, in contrast to the real world, failure of trust in the digital world can spiral out and impact multiple entities, having widespread negative impacts before incidents can be identified and rectified.

"To be successful, organizations would do well to upskill staff so that they are able to contribute to building digital trust"

All this requires a structured and robust approach to building trust in the digital world, especially one where cyber threats abound and individuals and organizations are generally risk-averse. A whopping 91 percent of India-based respondents in the 2023 ISACA State of Digital Trust survey indicated that digital trust was extremely important or very important to their organizations.

I believe dual approaches are required to build the necessary digital trust, with actions taken both below the watermark within the organization and above the watermark in the external world to establish and sustain digital trust. Eighty-one percent of 2023 ISACA State of Digital Trust Survey respondents in India thought it was extremely important or very important for organizations to be independently graded on digital trust practices with results available publicly.

But this is not going to be easy. Among the many obstacles to achieving high levels of digital trust, lack of skills and training, lack of alignment of digital trust and enterprise goals, lack of technological resources and lack of leadership buy-in are cited among the top four obstacles by Indian respondents.

Fostering better collaboration between roles such as IT strategy/ governance, security, and information technology, which are considered key roles that contribute to strengthening digital trust, would also help


To be successful, organizations would do well to upskill staff so that they are able to contribute to building digital trust. It would also help if organizations focused on establishing alignment between the organization's goals and digital trust.

Chartering specific roles with the accountability and responsibility to drive digital trust would go a long way too only 13 percent of global respondents in the 2023 ISACA State of Digital Trust survey indicated they had a dedicated staff role for digital trust. Assigning staff with specific roles for spearheading digital trust initiatives will enable focus and support leadership buy-in.

Fostering better collaboration between roles such as IT strategy/governance, security, and information technology, which are considered key roles that contribute to strengthening digital trust, would also help. Some of the elements involved with strengthening digital trust include security, data integrity, privacy, risk management, governance, assurance and resilience, among other things. While enterprises have been working on these aspects singly and in combination, it would help if these exemplars of digital trust are woven together as a framework to strengthen organizational processes and activities so that the organization's maturity towards digital trust can be measured and demonstrated both internally and externally.

Using frameworks such as ISACA's Digital Trust Ecosystem Framework, which is under development, could also go a long way in establishing demonstrable digital trust. Adopting a framework approach allows a holistic view of the digital trust imperative, enabling comprehensive actions and continual improvement over time, leading to all round value and a self-fulfilling cycle of digital trust.

Finally, organizations should measure their performance on digital trust because measurement can help in identifying their current state and any actions they need to take, especially when measuring on a maturity scale. Measurements can also be made available publicly, providing that much needed visibility both internally and externally and becoming an indicator of digital trust, which can turn into a major competitive advantage.

As we continue to meld the cyber and physical worlds, it is important to make sure both are trusted spaces for all who use them. Organizations that can overcome these key challenges to build this trust with their stakeholders will not only reap business benefits but also make a difference in advancing a worthy cause for society.