عرض العناصر حسب علامة : الامن السيبراني
IMA يطلق برنامج شهادة الأمن السيبراني وممارسات البيانات
سيمنح برنامج الشهادة الجديد المتخصصين في المحاسبة والمالية الأدوات والمعرفة اللازمة لمعالجة مشكلات الأمن السيبراني داخل مؤسساتهم
الاستثمار في الذكاء الاصطناعي
يُعد الذكاء الاصطناعي (AI) أولوية إستراتيجية للشركات، لكن القيود في هذا المجال تعني أن بعض قدرات الأدوات تظل غير معروفة للمستخدمين، وقد يتعين على القوى العاملة البدء في تطوير المهارات عاجلاً وليس آجلاً.
أكبر التحديات في إدارة المخاطر لعام 2023
لتحقيق الازدهار في بيئة المخاطر المعقدة والمتغيرة باستمرار، يبحث قادة الأعمال اليوم عن الطريقة الأكثر فاعلية للتخفيف من مجموعة من المخاطر المحتملة التي يمكن أن تعرقل المبادرات والعمليات الاستراتيجية.
ما هي برامج المحاسبة ؟
برامج المحاسبة هي برامج تساعد المحاسبين في تسجيل المعاملات المالية للشركة والإبلاغ عنها كما تختلف وظيفة برنامج المحاسبة من برنامج لآخر. قد تختار الشركات الأكبر حجمًا اخيتار برنامج مخصص يدمج كمية هائلة من البيانات من العديد من الأقسام المختلفة.
أولى خطوات الأمن المالي للمحاسبة الآمنة
توفر التكنولوجيا القائمة على السحابة فرصًا ومخاطر على حد سواء للشركات، ولكنها أيضًا تشكل خطرًا. مع تزايد اتجاهات القرصنة وسرقة البيانات، أصبح نظام المحاسبة الآمن أكثر أهمية بالنسبة للمهام. دعنا نستكشف خطوات الأمان المالي الأولى التي تحتاج إلى اتخاذها مع نظام المحاسبة الخاص بك.
معلومات إضافية
-
المحتوى بالإنجليزية
Cloud-based technology offers both opportunities and dangers for businesses, but also danger. As hacking and data theft trends rise, a secure accounting system is even more mission-critical. Let’s explore the first financial security steps you need to take with your accounting system.
FIRST FINANCIAL SECURITY
First Financial security Steps you Need to Take
These are serious threats to your company’s, even customers’ financial security and data. However, you can prevent them with an effective plan and accounting system. To help, here are the first financial security steps you should take.
1. Know your threats
The threats outlined above are the overarching threats all modern companies face. However, your individual company faces these threats, as well as unique threats depending on your operation and industry. Be granular with your threat assessments. This will help you pinpoint what kind of functionalities you need in place to keep you secure.
2. Know your regulations
Some of your security threats may be covered within business regulations you must follow. These regulations protect you, your customers, and ensure proper accounting standards. Some industries are more heavily regulated in accounting security and reporting regulations, including Government contractors and nonprofits. Review your industry regulations to incorporate them with your other financial security needs.
3. Establish security requirements
Work with your team to identify risk factors to create a comprehensive financial security requirements list. As you collaborate, internal controls should be considered too. These play a big role in defining additional functionality you need from an accounting system.
4. Choose for the right accounting system
You’ve established financial security requirements, now you need a secure accounting system. The reality is that basic accounting security features like usernames and passwords aren’t enough anymore. Most accounting apps lack in-depth internal security features or are restrictive in their deployment. You’ll need to be able to tailor the security requirements and processes to your specific needs.
Next Steps: Choosing an Accounting Solution
The first financial security steps will likely lead you to invest in a more flexible, secure accounting solution. To help, be sure to check out our free 2020 Accounting Technology Buyer’s Guide. You’ll get details on critical accounting security features alongside other valuable features for an efficient and reliable accounting system.
ما هو الأمن السيبراني المحاسبي
معلومات إضافية
-
المحتوى بالإنجليزية
Accounting cybersecurity is a growing issue. Financial data, in particular, is a prime target for hackers and data theft efforts, making this a nightmare for accounting professionals and businesses alike. As a result, IT teams and accountants must consider how to keep precious data secure.
In this article, we look at how accountants can structure an accounting cybersecurity strategy to keep financial data secure. Above all, we discuss tips to keep financial data secure and champion dual cyber security and accounting best practices throughout your organization. Also, we examine cloud-based accounting software features that keep data safe and secure.
cybersecurity blog accounting seed
Why Accounting Cybersecurity Needs To Be Top-Of-Mind
While the cloud has made accounting easier to access and manage, it’s also opened up many more threats than conventional paper-pen bookwork. To clarify, even robust IT infrastructures can be targeted and penetrated by hackers and cybercriminals. But, what’s even more disheartening and dangerous is that internal accounting data threats are even more costly.
Some think that cyber security and data security are not linked to the accounting life cycle. This isn’t true. For example, besides hacking, financial data threats can include errors and unintentional data breach that necessitates sophisticated solutions to safeguard data. Accountants and accounting firms know that financial data breaches threaten livelihood, business growth, customer relations, and more. Similarly, the same account details you use to track debits and credits are vulnerable to malware and malicious activity.
Stolen accounting data can include:
Account numbers
Transaction details
Credit card numbers
Bank accounts
Usernames
Passwords
Personal and private information
Most importantly, the biggest danger is assuming that ‘my accounting firm’ or ‘my company’s financial data’ isn’t threatened. Data breaches in the financial services industry, and in general, are on the rise.
The State Of Accounting Cybersecurity Attacks 2021
2020 saw a major shift to remote workstyles due to the COVID-19 pandemic, but an equal plague is the rise of cyberattacks. For instance, this year the total number of data breaches surpassed 2020 by 17%. In fact, 1,291 breaches occurred in 2021, compared to 1,108 in 2020. This increase shows a significant rise in cyber attacks that have grown more sophisticated with the rise in cybersecurity measures.
How does one account for the cost of these data breaches? First, here’s a snapshot of the years leading up to 2020:
cybersecurity blog accounting seed
Currently, the average cost of data breach for companies is $4.24M, the highest in 17 years. For businesses and accounting firms alike, the mere risk of such a loss is extreme. More importantly, a companies’ reputation can also face immense backlash, even resulting in it having to close. These stories are not rare by any means.
Examples Of Accounting Cybersecurity Breaches
Sequoia Capital (2021)
Financial institutions like Sequoia Capital are often the targets of criminals seeking to hack financial data. This example was not as severe as it could have been, only one employee’s email was successfully hacked through a “wire diversion scam.”In fact, just one data breach can jeopardize customer and business financial data resulting in significant financial loss. Even more, Sequoia had to deal with informing customers and potential investors.
Capital One Data Breach (2019)
This is a prime example of how unguarded internal accounting processes can cause major damage to a company. One of Capital One’s own employees illegally accessed one of the Amazon Web Servers storing vital data and stole 100 million credit card applications. As a result, approximately 140,000 social security numbers were leaked, as well as 80,000 bank account numbers.
What About Small Business Data Breach?
You may think criminals only want to hack the financial data of enterprise size or large businesses? Not true. Small to medium-sized businesses are prime targets too, only the consequences can be more devastating. According to an Inc. article, 60% of small businesses fail within six months of a cyber attack.
Even if a business doesn’t close, the costs of a data breach can be immense. For example, an Oregon-based accounting firm, Gustafson & Co, experienced a massive data breach and was forced to pay $50K after 1,900 individuals were exposed.
Cyber Security For Accounting Firms: 6 Essential Practices
There are risks to your financial data both outside of and inside of your organization. Subsequently, it’s not hard to take control and get ahead of these threats. Preventing or at least mitigating data breaches starts with putting the proper protections in place. There is already evidence that with increased awareness of cybercrime and increased security investment, companies can protect themselves effectively. But, this comes with a dual focus on safe practices and technology. Start doing these financial security steps right now!
1. Know Your Threats
As an accountant, you face threats like hacking, ransomware, and phishing scams, but internal threats and errors are just as compromising. Accidental data sharing can occur easily with untrained staff, and there are multiple ways data relevant to the financial lifecycle can be misplaced. It’s critical to analyze how your individual organization handles data and create accountability into your actual accounting practices for proper data management.
2. Train Your Staff
As the accounting profession becomes more intertwined with IT and cloud accounting, protecting financial data will take precedent. Instilling a sense of ownership in financial data is a vital necessity. For instance, do this by educating your team on the growing threats and risks of a financial data breach and how to prevent ransomware attacks. In the same vein, accounting system security is critical not only for your accounting firm and your reputation but also for your customers. Accounting Seed values accounting security so much, we make it our mission to provide resources to help accountants and businesses protect their data. Check out our free guide and webinar.
3. Know Your Regulations
Some of your security threats may be covered within business, state, and federal regulations you must follow. This is especially the case if your accounting firm contracts with the federal government. These regulations protect you, your customers, and ensure proper accounting standards. Document these requirements and incorporate them into your reporting and accounting standards.
4. Design An Approval And Validation System
Your most trusted and experienced managers and approvers must take ownership. Establish which actions and data need to be looked over and approved by higher-level managers. Besides ensuring the most experienced and trustworthy staff members have the final authority on using data, this also helps protect your accounting firm from potential errors. Remember, accidental data sharing is common, and about 80% of data breaches are caused by internal human errors. Constructing an approval and validation system helps ensure no mistakes are made that would jeopardize your data.
5. Establish Security Requirements
Work with your team to identify risk factors to create a comprehensive financial security requirements list. Besides taking in specific accounting practices and regulations, examine your unique process to see where data slips may occur. As you collaborate, internal controls should be considered too. These play a big role in defining additional functionality you need from an accounting system.
6. Choose The Right Accounting System
The most critical step in accounting cybersecurity is choosing the right accounting system. The best plans and established financial security requirements mean nothing if you can’t implement them. Or, if you’re forced to implement these protections manually. The reality is that basic accounting security features like usernames and passwords aren’t enough anymore. To secure your accounting system against current cyber threats and ransomware attacks, you need a flexible system that has both strong encryption and automated internal security functions.
Keep Financial Data Secure With Reliable Accounting Software
Besides helping your accounting firm manage and analyze finances more efficiently and effectively, one of the core uses of accounting software is protecting your financial data. Remember, you’re not just protecting your firm, you’re protecting the identities and data of your clients. Investing in a secure accounting platform isn’t just necessary, it is a vital step to ensuring your company’s sustainability. Not to mention, your customers’ safety and well-being. But what constitutes a secure accounting system?
Three Core Areas Financial Data Security Features:
1. Natural Event Protection
Securing data through the cloud and with backups to ensure natural disasters and physical destruction or malfunction does not expose or lose data. The cloud has helped eliminate a lot of these threats, so make sure your financial data can be stored on the cloud and accessed virtually.
2. External Threat Protection
This refers to protection from hackers trying to hack financial data – your first line of defense. Strong, secure Application Programming Interface (API) is important to ensure the safety of your financial data as you connect it with other applications. Encryption and overall robust IT infrastructure is also critical to keeping hackers out.
3. Internal Threat Protection
This is your second, more intensive layer of defense which protects you from both external and internal intrusions. If an external threat breaks past firewalls or encryptions, they then have to contend with passwords, permissions, and user hierarchy. Things like passwords and usernames are pretty standard protections across various products, but they’re not enough. More in-depth features are needed to create an extra barrier against cyberthreats while also protecting your accounting data against potential internal errors or malicious activity.
Here Are Some Core Features To Look For:
Two-Factor Authentication
Two-factor authentication lets you enable a second level of authentication for every login. You can also implement a two-factor authentication when a user is performing a specific function like examining billing reports or approving expenses.
User Permissions
User permissions let you clearly define what tasks users can perform, approve, and have access to.
Approvals
You can automate specific steps or sequences of events that require an official signoff on a record to ensure accuracy. The signoff can be linked to the desired authority to ensure data is accurate and secure, and that the current process is proceeding correctly.
User Role Hierarchy
Establishing a user hierarchy lets you dictate which specific user(s) can view or change specific components of accounts or records within the system, like reports. Roles determine user access to opportunities, cases, and contacts.
Validation Rules
Validation rules establish standards for recording and handling data. These security measures also ensure that only select users can do a certain process in the system. Based on business logic, validation rules can be set to prevent processes from being completed out of sequence.
Real-Time Event Monitoring
Real-time event monitoring helps you keep track of and monitor standard events in near real-time.
Audit Trail Functionality
Audit trail lets you track changes throughout the financial reconciliation process to maintain accurate, up-to-date information. This also lets you see exactly who is doing what in the general ledger, with project accounting, and every other aspect of the accounting process.
Object/Field Trail Functionality
Object/field trail functionality lets users view and document changes done to an object or a specific record within the object.
Workflow Rules
Workflow rules let you create and automate internal processes and procedural steps in orchestrating key accounting functions. This dictates how data is logged, accessed, processed, and used.
Secure Email Functions
Encrypt and safely send sensitive emails with accounting data involved. In Accounting Seed, you can utilize page layouts and Salesforce permissions to restrict users from viewing attachments too.
LEARN ABOUT ALL THINGS ACCOUNTING CYBERSECURITY IN OUR FREE GUIDE.
Protect Your Accounting Data Right Now With Accounting Seed
Accounting Seed has all the security features you need to fully protect your accounting data from any threats you face on the cloud. Our flexibility also lets you tailor these security features however best suits your individual needs. Keep your accounting data secure and you keep your organization and customers safe too, not to mention happy.
At Accounting Seed we’re focused on removing security concerns to give you the peace of mind to use your accounting data effectively for your organization. Schedule a free demo today to see how our solution protects your data from all the threats of tomorrow, and beyond.
محاربة الاحتيال في بيئة عمل هجينة
يأتي مع بيئات العمل الهجينة الجديدة لدينا إيجابيات وسلبيات. في مهنة المحاسبة على وجه التحديد، يؤدي تطبيق التكنولوجيا الجديدة إلى عمليات أكثر كفاءة، ولكن يمكن أن يؤدي أيضًا عن غير قصد إلى مخاطر إضافية مثل الاحتيال.
معلومات إضافية
-
المحتوى بالإنجليزية
Fighting fraud in a hybrid work environment
By Vinay Pai
December 17, 2021, 9:00 a.m. EST
4 Min Read
Facebook
Twitter
LinkedIn
Email
Show more sharing options
With our new normal of hybrid work environments come both pros and cons. Specifically in the accounting profession, the implementation of new technology creates more efficient processes, but can also inadvertently lead to additional risks such as fraud.
While all industries face privacy and data security challenges in hybrid environments, the sensitive and confidential information in accountants’ routine work demands a higher level of cybersecurity to ensure that all client data is totally secure. It is essential that accountants remain vigilant for possible fraud and actively safeguard network systems to ensure continued strategic growth for small and midsized businesses.
How does fraud happen?
Advances in Tech brings together some of the latest software and technologies that are helping the industry move forward.
ACCOUNTING TODAY
Fraud can occur in many ways. While the concept of physical fraud risks may seem outdated (especially in hybrid environments), the majority of confidential data — such as Social Security numbers and credit card information — is still stolen the “old-fashioned” way, via theft of physical laptops or important documents (e.g., paper checks, invoices, sticky notes) from unsecured areas. Even with the potential of artificial intelligence to reduce the burden and risk of many manual processes, many accountants and bookkeepers are still remarkably reliant on paper with 40% of bookkeepers still printing and mailing checks.
Hybrid and remote work models have also exacerbated many existing cybersecurity risks for many accounting firms. In the early days of the pandemic — when the transition to remote work needed to happen essentially overnight — it wasn’t uncommon for firms to put necessary “Band-Aid” solutions in place. Many companies and accountants moved their data to the cloud for the first time, which is a positive development, but not a silver bullet to safety.
Phishing attempts have continued to rise, preying on the stress of employees and owners, and the lack of updated protections and employee education as they managed through a crisis. These deceiving emails and notes, often disguised as emails from colleagues, are one of the most common ways that hackers can gain access to even the most secure networks. Now is the time to refine and improve those new processes put into place over the past two years, prioritizing more secure practices and the safeguarding of sensitive data.
Preventing fraud
There are a variety of practices that firms can implement to mitigate the risks of fraud in hybrid work environments. From a data security perspective, it starts with the cloud.
Cloud-based solutions and Software-as-a-Service providers are the most secure way to store client data, as these systems have more secure encryption methods than what accounting firms can offer in-house. This also removes the risk of stolen computers from a “smash and grab” robbery. While it’s now generally accepted that storing data in the cloud is far more secure than relying on a paper trail, decentralized personnel and the lack of pre-developed protocols for remote work left many firms exposed to additional cyber risks from unsecure networks and personal devices.
Going forward, accounting firms should ensure that all accountants are trained on an ongoing basis in the best cybersecurity practices while in a hybrid environment, including how to identify, prevent and address all types of fraud threats, from physical to digital. Employees should be vigilant about diversifying their passwords, keeping their login credentials private and updating them regularly.
It’s also critical to use secure devices and networks, implementing multifactor authentication for all services, and software to monitor for phishing and other scams. Lastly, with the rise in popularity of automated workflows to process data and transactions in daily accounting practices, accounting firms should consider investing in and implementing AI systems that scan for mistakes, such as duplicate payments, fraud — and even basic human error.
Strengthening tech security
In light of many major players in the accounting profession embracing more permanent hybrid and remote work models, accounting firms of all sizes should identify what, if any, interactions really require paper or physical interaction. For practices (such as accounts payable and payroll) that can easily be digitized, accounting firms should ensure they’re supporting those practices through secure, online systems and cloud-based storage solutions to ensure the highest levels of data protection.
Additionally, for communication with clients, firms should establish secure portals for the transfer of sensitive documents that contain personal or sensitive information, such as Social Security numbers, bank account information and credit card details. Never send these documents over email. A cloud-based document sharing solution is much more secure. All-in-one SaaS solutions that allow you to manage your workflow, approvals and payments can provide high security and convenience in hybrid environments.
Prior to the pandemic, many accounting processes were based primarily on physical work models and paper-based processes, but the acceleration of flexible and remote work models has only increased the overdue need for accountants to embrace automated technologies and AI-enabled workflows.
As firms seek to implement new workflows, it’s essential to prioritize educating the teams about how to mitigate new and emerging fraud risks and secure data on cloud-based servers before the Trojan horse is wheeled through the front gates.
الدورة التدريبية: أساسيات تدقيق الأمن السيبراني
معلومات إضافية
- البلد عالمي
- نوع الفعالية برسوم
- بداية الفعالية الأربعاء, 08 ديسمبر 2021
- نهاية الفعالية الخميس, 16 ديسمبر 2021
- التخصص تكنولوجيا
- مكان الفعالية كل دورة في مكان مختلف
منهج امتحان المحاسب القانوني المعتمد CPA يتغير: إليك ما تحتاج إلى معرفته
تواجه مهنة المحاسبة تغيرًا هائلاً، يتعلق الكثير منها بالتكنولوجيا. لا يشمل ذلك استخدام تحليلات البيانات وأتمتة العديد من مهام المحاسبة فحسب، بل يشمل أيضًا التحديات المتزايدة للأمن السيبراني وحوكمة تكنولوجيا المعلومات. لقد تغير دور المحاسبين أيضًا، وأصبح أكثر استراتيجية مما كان عليه في العصور السابقة.
معلومات إضافية
-
المحتوى بالإنجليزية
The CPA exam curriculum is changing: Here’s what you need to know
By Angie Brown
November 17, 2021, 10:47 a.m. EST
4 Min Read
Facebook
Twitter
LinkedIn
Email
Show more sharing options
The accounting profession is facing enormous change, much of it related to technology. This not only includes the use of data analytics and the automation of many accounting tasks, but also the rising challenges of cybersecurity and IT governance. The role of accountants has changed too, becoming more strategic than in previous eras.
Accountants are still expected to report the numbers; they’re also increasingly relied upon to use that data to inform business decisions, and that requires a greater emphasis on critical thinking skills. It’s also made it necessary for CPAs to more actively contribute to long-term financial strategy and not just the current numbers.
This evolution of the profession will be reflected in a new CPA exam that will be launched by the AICPA and NASBA beginning in 2024.
Payroll Relief: The Ultimate Payroll Software for Accountants
SPONSOR CONTENT FROM ACCOUNTANTSWORLD
The new exam will include three core exams covering accounting, auditing and tax, and three "discipline exams:" business analysis and report, information systems and controls and tax compliance and planning. All candidates will be required to complete the core exams, and then each candidate will choose a discipline exam to demonstrate deeper skills and knowledge.
Current undergraduates who enrolled in accounting programs starting in the fall of 2020 will be taking the updated exam. But the exam itself (the proposed content of which will be unavailable until June 2022) isn’t all that will change; to prepare students and academics for the new exam, the curriculum for accounting courses will have to change as well.
For that reason, AICPA and NASBA developed and launched the CPA Evolution Model Curriculum earlier this year. The model curriculum offers an overview of what educators need to teach in order to prepare students for the new exam in 2024, consisting of two main components: Part 1, covering the CPA Evolution Core, which is divided into the Accounting and Data Analytics Core, the Audit and Accounting Information Systems Core, and the Tax Core, and Part 2, covering the CPA Evolution Discipline, which is divided into the Business Analytics and Reporting Discipline, the Information Systems and Controls Discipline, and the Tax Compliance and Planning Discipline.
The goal of the model curriculum is to support existing accounting programs as they navigate the evolution of the accounting profession and the CPA exam, and to serve as a reference point for faculty to leverage as they deem appropriate based on their program objectives.
Most of the concepts outlined in the model curriculum are currently tested on the CPA exam but there are a few components that go beyond what is currently tested. The Accounting and Data Analytics Core includes critical thinking, which is defined as the ability to identify financial data risks and opportunities using relevant facts to make appropriate financial decisions.
The addition of a critical thinking module indicates the enhanced importance to the CPA exam — and to the accounting profession as a whole — of competency related to thinking beyond the numbers to inform decision-making.
The CPA of the future will need to think more strategically about utilizing information to achieve long-term goals. Additionally, the Accounting and Data Analytics Core includes two other new modules: financial data analytics and digital acumen. Digital acumen has also been included in the Audit and Accounting Information Systems Core and the Tax Core.
The discipline tracks have been designed to give future CPAs a deeper focus on areas of advanced or emerging content, with a greater emphasis on technology. The model curriculum for the BAR Discipline includes an extensive focus on advanced data analytics, while the ISC Discipline curriculum includes the use and management of data, including data governance and data preparation and manipulation.
ISC also includes a much stronger emphasis on information systems, security, IT controls and other related technology concepts, again reflecting the need to prepare future CPAs for technological change. Technology has been added to the TCP Discipline, emphasizing analytical review leveraging data and regulations regarding use of technology in tax compliance and planning (an increasingly important competency due to cybersecurity issues).
There is also a new module on personal financial advisory services in the TCP Discipline entailing individual tax planning, estate, gift and trust taxation, compliance and planning, and retirement planning.
Time to worry?
Should educators and students be concerned about these changes? Adjustments will need to be made, especially when it comes to choosing a discipline track. Students may feel stressed or intimidated about committing to one track or another (as opposed to now, when they take all four existing parts of the CPA exam).
But making this decision need not be overwhelming; educators can work closely with students to capitalize on the students’ strengths and interests to choose a track, and hiring organizations can also be involved in the conversation. Ultimately, students will have the opportunity to specialize in a particular area of accounting and thus improve their own competency and employability.
The increased emphasis on technology across the curriculum might seem overwhelming to students and educators, but they should keep in mind that the AICPA and NASBA are updating the focus of the curriculum based on the technology being used in the field, not jumping ahead of the profession as a whole.
For anyone concerned about these developing changes, just remember that CPA Evolution is not CPA Revolution; what we’re seeing is a gradual and necessary adaptation in line with the current reality of the profession, not a sudden shaking up of everything familiar. Keep calm, carry on and just pay attention as the new exam curriculum unfolds.
كيف يمكن للحكومات حماية المدن الذكية من تهديدات الأمن السيبراني؟
مع تحرك المدن الذكية نحو الرقمنة السريعة، مع التركيز على التقنيات التخريبية لتطوير بنية تحتية متقدمة لتكنولوجيا المعلومات والنظام، فإن المخاطر المحتملة للهجمات الإلكترونية يزيد معها.
معلومات إضافية
-
المحتوى بالإنجليزية
How can governments safeguard smart cities against cybersecurity threats?
By Samer Omar
EY MENA GPS Consulting Cyber Competency Leader
7 minute read
3 Oct 2021
Related topics
Government and Public Sector Innovation Cybersecurity
Upvote 20
Show resources
EY WGS security by design 2021
Download 2 MB
EY WGS security by design 2021 Arabic
Download 2 MB
As smart cities move toward rapid digitalization, focusing on disruptive technologies to develop an advanced IT and system infrastructure, the potential risk of cyber attacks
increases with it.
In brief
Cities with Inhabitants over 10 million people will increase from 33 in 2018 to a projected 43 in 2030 with a rise to 2.1 billion residents over the age of 60 by 2050.
Smart cities are extensively utilizing new technologies such as artificial intelligence (AI), biotechnology, machine learning, big data, quantum computing and 5G to offer smart services to residents, which in turn has substantially improved their lifestyle and well-being.
The rush to implement disruptive technologies and innovate systems and operations opens smart cities to multiple attack surfaces and vulnerabilities across the city ecosystem; exposing themselves to a growing number of security risks.
In such a scenario, a Security by Design approach is essential to safeguard smart cities and prevent cyber attacks. Security by Design is a new approach to cybersecurity that builds in risk thinking from the onset, enabling global innovation with confidence.
As the number of city residents continues to increase, the demand for rapid expansion and digitalization of urban areas into smart cities has further increased. By 2050, approximately 70% of the world’s population is expected to live in cities. This expansion requires technological and sustainable improvements to balance the social, economic and environmental impacts of these migrations.
The EY Security by Design report covers the challenges, risks and potential solutions for governments to safeguard smart cities from threats and attacks. Although different challenges require differing approaches to the implementation of a digitally enabled ecosystem, the three core considerations during transformation are population risk awareness, effective processes and adoption of disruptive technologies.
The report covers five main topics essential for cybersecurity in smart cities and identifies trends for governments to prepare for including infrastructural improvements, digitalization, population increases, complimentary regulations and agile response teams, and operating models. The five topics are discussed in detail in the EY Security by Design report (pdf):
Disruptive technologies
Security challenges and solutions
Cybersecurity trends
Cyber threat landscape
Government considerations
These components help governments to stay ahead of cybercrime and that they are able to innovate, prioritize and understand the risk landscape and opportunities for security control. These critical areas also ensure that smart cities are initially designed and built with a Security by Design concept in mind.
1
Chapter 1
Disruptive technologies at work
Developing intelligent infrastructure through gathered insights
Governments have harnessed disruptive technologies to improve decision making and enhance efficiency while reducing challenges. The primary benefits include the development of intelligent infrastructure through gathered insights. There are three primary technologies impacting smart cities:
Internet of things (IoT) and sensors: These sensor based technologies gather data which is analyzed for transformative digital implementations. The increased cloud computing usage has led to an increased number of entry points for cyber attackers. Governments must consider data protection politics, defense approaches and security solutions to mitigate risk.
Connected cars: Automotive suppliers face challenges with respect to protections for connected and autonomous vehicles due to lack of regulations. A Security by Design approach would require standardizations and minimum security requirements for manufacturers to implement.
Smart meter and smart grid: These predictive technologies collect large amounts of data through partnerships and need to be protected. Detective, preventative and reformative measures need to be integrated alongside government regulatory frameworks, policies and procedures to help to digitally transform the power infrastructures.
2
Chapter 2
Security challenges and solutions
Exploring innovative strategies to make up for outdated technologies
To ensure sustainable development of smart cities and overcome the challenges of antiquated infrastructure during the rapid urbanization, cities must rethink their innovative strategies to counterbalance outdated technologies.
Estimated cities
00
Will have between 5 and 10 million inhabitants by 2030.
Eight core security challenges have been identified for the consideration of cities across Africa and the Middle Eastern regions:
Insecure hardware: a lack of testing and standardization has let to vulnerabilities to cyber attacks and signal failures.
Linking vision with strategy and policy: a misalignment between strategies, policies and regulations and the vision for smart cities.
Multiple implementation programs: numerous initiatives running in parallel leads to the prioritization of solving logistical challenges and a lack of attention on security vulnerabilities.
Larger attack surface: an increased number of potential entry points for hackers due to the large number of individual devices connected to the network.
Inadequate funding and finance: cities often compensate for reduced budgets by decreasing cybersecurity budgets in favor of large-scale technology investments.
Lack of standardized security architecture: a lack of standardization and communication between city systems and security controls.
Operational Technology (OT) infrastructure security controls: an OT infrastructure that is administered by a generic IT infrastructure.
Deployment of disruptive technologies: a lack of practicality and cost-benefit analysis in adopting disruptive technologies.
Governments need to take an active role in the urbanization and transformation of cities and embed a Security by Design approach into their smart city transformation and technology implementations to reduce the risk of cyber attacks.
They must also establish responsible committees, security initiatives and a multifaceted defense-in-depth approach to protect connected devices while taking note of the potential challenges. In order to develop sustainably, governments must also factor in costs and security architecture design to account for rapid urbanization.
3
Chapter 3
Cybersecurity trends
Knowing the trends to stay one step ahead
EY researchers identified thirteen trends that may pose a challenge to the infrastructure of a smart city:
IT infrastructure improvement
Rise of megacities
Demographic shift
Technology implementations
IoT
Carbon removal solutions
Cybersecurity expertise
Harmonization
Crown jewel identification
Cybersecurity program refresh
Computer emergency response
Laws and regulations
Agile operating model
The most staggering trend is the discrepancy between cybersecurity implementation and smart city digital adoption. According to the IMD Smart City Index Report 2020, security is not considered a priority for top-ranking smart cities, an initiative that should otherwise be inseparable from smart city developments.
4
Chapter 4
Cyber threat landscape
Understanding the entirety of potential and identified cyberthreats
Almost half of corporate boards believe that cyber attacks will harm their business over the next 12 months. In order for smart cities to develop their cybersecurity, they must first understand the threat and risk landscape.
WGS graphic 01
Governments and authorities must consider the types of threats and potential impacts of the attacks and proactively assess and account for cybersecurity safeguards. The EY report identifies three categories of cyber attacks on governments.
WGS graphic 02
5
Chapter 5
Key considerations for governments
Toward safer and sustainable new infrastructures
As new technologies are adopted and smart cities utilize more interconnected systems with single data consolidations, new procedures and regulations are required to ensure the safety and sustainability of new infrastructures.
Governments must account for seven key considerations to maintain a resilient smart city:
Interaction and collaboration: the relationship between cybersecurity and other teams and lines of business
Big data and predictive analytics: considering big data management and the application of security controls to information databases and repositories
Testing environment: mandating the usage of testbeds across all critical infrastructures and new technology systems
Security Architecture: creating standards for architecture based on infrastructure networks, data collection, IT platforms, city structure and service offers
Zero trust and micro segmentation: security procedures to authenticate users and segmentations between cities to mitigate threats
Physical security: Implementation of security cameras in conjunction with AI technology
Public-private partnerships: Government support by the private sector to mitigate the challenges of rapid urbanization
Summary
Today, it has become imperative that governments across the world analyze the importance of having an impenetrable cybersecurity system in place, and disseminate cyber awareness to the masses, to thwart any possible attacks. Staying one step ahead of cybercriminals is the need of the hour, as the world stands battered by the COVID-19 pandemic and is forced to rely on the virtual connectivity across all fields and sectors. The governments need to prioritize assets, understand the risk landscape and implement enhanced levels of security control to better manage and mitigate the forthcoming risks. - البلد الأردن