Digital fremtid og Cybersikkerhet IIAs årskonferanse @Scandic Ørnen - Bergen- 29.05.18 Rune Skjelvan Partner Advisory KPMG Leder KPMG Advisory
1. Hva er den nye teknologien - og hvordan treffer den oss?
KPMG Top Executive Survey 2017 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 3
«Alt som kan digitaliseres vil bli digitalisert» og alle bransjer blir berørt BILINDUSTRI LUFTFART ENERGI BANKER JURIDISKE TJENESTER FORSVAR AVANSERT PRODUKSJON FORNYBAR ENERGI INVESTERINGS-BANKER FORSKNING FARMASØYTISK & BIOTEKNOLOGI NATURRESSURSER TELEKOM ØVRIGE FINANSIELLE TJENESTER AKADEMIA 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 4
Årsakene til digialisering Vekst og inntjening Kundeorientering Trivsel ansatte/ Kompetanseutvikling Standardisering/ riktighet Kvalitet/ Pålitelighet Produktivitet/ Yteevne Skalering 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 5
Organisasjoner jobber i økende grad i økosystem ifm digitalisering SELSKAPET Start-ups og andre innovative miljøer Oppkjøp & Investeringer Data Allianser & Samarbeidspartnere Akademiske institusjoner 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 6
Teknologitrender selskaper Hvilke selskaper er det som driver utviklingen innen teknologi og innovasjon? Google # 1 Apple # 2 Microsoft # 3 IBM # 4 Amazon # 5 Tesla Motors # 5 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 7
42 % Trender Artificial Intelligence Blockchain Computing Machines Automation Big Data Augmented Reality Robots IOT System Integration Industry 4.0 Cyber Security Cloud
Disruptive Technologies Enable business and industry transformation Internet of Things (IoT) Robotics Artificial Intelligence (AI) Cognitive Computing
Intelligent automatisering 4 typer ferdigheter Transaksjoner Tolkning Samhandling Anbefale/ Beslutte Regel-basert automasjon Analytisk automasjon Automatisert dialog Kognitiv automasjon Utfører transaksjoner basert på standardregler og arbeidsflyt Tolker ustrukturerte data, språk, bilder, lyd Har samtaler og samhandling, avklare behov og støtte Anbefalinger basert på prediksjon av data Strukturerte input data Definert arbeidsflyt Definerte regler Eksisterende applikasjoner Tolker ustrukturerte data, bilder, video, lyd Basiskunnskap Strukturerer data Language processing Interpretation Confer with knowledge base Generate response Big data Gjenkjenne mønstre Maskinlæring Logikk Teknologi Teknologi Teknologi Teknologi 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 10
2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 11
2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 12
2. Hvilke konsekvenser har digitalisering for oss? -
Growing pains 2018 Global CEO Outlook
Making digital a personal crusade New technologies are going to allow our people to do a lot more with less. Tarek Sultan CEO and Vice Chairman Agility 2018 KPMG International Cooperative ("KPMG International"), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no services to clients. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG such network authority of independent to obligate or member bind any firms member affiliated firm. with All rights KPMG reserved International Cooperative, a Swiss entity. All rights reserved. 15
Making digital a personal crusade More than half of all CEOs 62% expect AI to create more jobs than it destroys. 2018 KPMG International Cooperative ("KPMG International"), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no services to clients. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG such network authority of independent to obligate or member bind any firms member affiliated firm. with All rights KPMG reserved International Cooperative, a Swiss entity. All rights reserved. 16
Making digital a personal crusade 95% While transformation requires patience and time, 95% of CEOs see technological disruption an opportunity not a threat to their business. 54% 54% of CEOs are actively disrupting in the sector they operate in, rather than waiting to be disrupted by competitors. 2018 KPMG International Cooperative ("KPMG International"), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no services to clients. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG such network authority of independent to obligate or member bind any firms member affiliated firm. with All rights KPMG reserved International Cooperative, a Swiss entity. All rights reserved. 17
Offentlig sektor er også i bevegelse 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 18
Internett har på få år gjennomsyret våre liv 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 19
Disse gjennomsyrer også våre liv for tiden
Hvem er trusselaktørene? HACKTIVISME Hacking inspirert av idelologi ORGANISERT KRIMINALITET Global, kompetent, vanskelig å spore og forfølge INNSIDERE Tilsiktet eller utilsiktet? FIENDTLIGE NASJONER Statssponset spionasje og sabotasje 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 22
NorSIS: 6 grunner til at SMB angripes 1. Betaler oftere løsepenger 2. Har mye verdifull informasjon 3. Døråpner til større bedrifter 4. Kan gi tilgang til andre SMB 5. Har svakere cyberforsvar 6. Mindre risikabelt å angripe 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 23
http://images.techhive.com/images/article/2017/05/kaboom-wanna-cry-100722685-gallery.idge.jpg
Ikke overbevist? Brian Krebs: The value of a hacked company
3. Hvordan jobbe med cybersikkerhet fremover?
Exposure to growth headwinds Cyber placed 2 nd in 2018 in terms of risks hampering future growth, up from 5 th place in 2017. 20% of Norwegian respondents indicated they are wellprepared for a cyber attack 2018 KPMG International Cooperative ("KPMG International"), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no services to clients. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG such network authority of independent to obligate or member bind any firms member affiliated firm. with All rights KPMG reserved International Cooperative, a Swiss entity. All rights reserved. 28
Exposure to growth headwinds Cyber threats remain a certainty with 60% of Norwegian CEOs saying that becoming the victim of a cyber attack is a case of when and not if. 2018 KPMG International Cooperative ("KPMG International"), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no services to clients. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG such network authority of independent to obligate or member bind any firms member affiliated firm. with All rights KPMG reserved International Cooperative, a Swiss entity. All rights reserved. 29
Først og fremst: Finn ut hvor moden virksomheten din er Cybersikkerhet er ikke relevant for oss. Jeg har robuste policyer /beskyttelse. Jeg forstår ikke hvordan vi ble kompromittert Eller her! Kapabilitet Jeg er bekymret, men vet ikke hva jeg skal gjøre med det...og en sterk andrelinje compliancefunksjon Her Vi trenger å bli mer tilpasningsdyktige for å håndtere trusselen Her Det er ingen fullstendig sikkerhet, vi må håndtere risiko Vi kan ikke gjøre dette alene Vi er en del av fellesskapet Umoden I utvikling Investerer Avansert Ledende Begrenset bevissthet Diskusjon rundt hva det betyr for din virksomhet Investering for forbedring Styret krever bedre styringsinformasjon om cyberrisiko Leder som en del av fellesskapet Tillit til basis sikkerhetsteknologi Søker støtte og råd Implementerer fortsatt hovedsakelig i tekniske løsninger Etablerer strukturerte sikkerhetsprogrammer Bygger et «cyber økosystem» med kunder/leverandører Ingen kontroller eller complianceprosess Policyer på plass og grunnleggende sikkerhetsprosesser Styrker policyer og compliance Styring av trusler og sårbarheter. Etterretningsbasert tilnærming Sett som et teknologiproblem Ofte drevet av regulatoriske problemstillinger Grunnleggende sikkerhetsarkitektur Sikkerhetstester regelmessig. Cyber-robusthet Begynner kampanjer for utdanning og bevissthet Initierer sikkerhetsaktiviteter i hele leveransekjeden Kvantifisering av risiko og løsningsstrategi Teknologidrevet. 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 32
Dernest: Ta en helsesjekk på virksomheten Sentrale spørsmål for ledelsen: Hva er de nye cybertruslene, og hvordan kan de påvirke vår organisasjon og virksomhet? Er vår organisasjon godt nok rustet til å møte dette trussellandskapet? Hvilke risikoindikatorer bør vi overvåke for effektiv risikostyring? CMA rammeverk Cyber Maturity Assesment 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 33
4. Hvem har ansvaret?
I en tid med digitalisering er fortsatt ansvaret analogt 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 35
NSM erfarer fortsatt at virksomhetenes IKTavdeling kan ha implementert gode og fornuftige sikringstiltak, men at tiltakene ikke er forankret i ledelsen. Sikkerhetsarbeidet blir dermed ikke prioritert som del av den totale styringen av virksomheten.
Andre har også begynt å snu fortegnet 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 38
Cybersikkerhet helt til topps Component 1 BOARD AWARENESS Component 2 GOVERNANCE Component 3 DASHBOARD 2018 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. 39
http://www.kpmgcyberbenchmark.com
There are only two types of companies: Those that have been hacked and those that will be. And even they are converging into one category: Companies that have been hacked and will be hacked again.
Takk for oppmerksomheten! Rune Skjelvan rune.skjelvan@kpmg.no +47 4063 9732