Pamela Nigro, senior director of Information Security at Health Care Service Corp., opened the final day of the Governance, Risk, and Control (GRC) Conference with her general session, "The Future of IT Audit and Industry 4.0." Negro shared with audience members her thoughts on emerging technologies affecting today's organizations and those that will transform the businesses of tomorrow.
"Organizations are shifting from traditional ways of engaging and interacting with customers, prioritizing digital ones," she says. Citing health care as an example, Nigro pointed to the common practice of sharing patient test results via a portal rather than a phone call. She also cited Tesla as operating not so much as a car company but as a software company that collects and leverages data to serve its customers.
"Now every business is a digital business with software at the core," she says. "There used to be a focus on running IT like a business. Now IT is the business — there is not a business that is not run by IT."
Data, Nigro adds, has become the world's most valuable resource — much more so than oil. And it's not just about collecting and storing data, it's about transforming that data into useful and consumable information.
"Digital transformation is the foundation on how organizations deliver value to their customers," she says. "It's more than simply remaining competitive. There's a radical rethinking of how organizations use technology and processes to fundamentally achieve business performance."
Nigro cited artificial intelligence and Internet of Things interconnectivity as examples of transformative technologies that are driving business ecosystems and changing the way business is done. But this interconnectedness, she points out, creates a host of risks. Among them, she pointed to cyberthreats recently identified by Security magazine, including cryptojacking, software subversion, and cryptocurrency ecosystem attacks.
She also referenced the threat of breaking encryption using quantum computers. "As auditors, encryption is an important part of our structure," she says. "It is important that we feel confident that we can rely on that encryption for our security, for our privacy, for our protection. What happens if that is easily breached?" The thinking has shifted, she says, from considering if a company will get hacked to when it will get hacked.
In response to these threats, Nigro challenged auditors to not just keep up, but to "set the pace." "Why can't we and our development partners get sandboxes to start to play and understand and learn this technology so that we can help be a value-added partner to our organizations as they move into these new technologies?" she asked.
Nigro says auditors need to become leaders in the digital transformation space and help organizations move into this technology. She encourages auditors to adapt and think about how to "get ahead of the digital curve."
Toward that end, she advised attendees to make sure they have the necessary competencies and understanding to tackle digital challenges. "Think about how you are maintaining, or even leading, in your skills set," she says. "Understand how the technology really supports strategic objectives. Focus on those risks that can delay or derail business objectives, and identify how the algorithms are being used."
Nigro also encouraged auditors to get involved early in technology projects and to partner with the first and second lines of defense to help best manage the risks appropriately. "We have to stop being the 'department of no,'" she says, "and find a way to bake compliance and build controls into these new technologies and processes."