Managing Risks in Digital Transformation E-Book

Managing Risks in Digital Transformation

Navigate the modern landscape of digital threats with the help of real-world examples and use cases

Ashish Kumar

Shashank Kumar

Abbas Kudrati

BIRMINGHAM—MUMBAI

Managing Risks in Digital Transformation

Copyright © 2023 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Mohd. Riyan Khan

Publishing Product Manager: Prachi Sawant

Senior Editor: Arun Nadar

Content Development Editor: Sujata Tripathi

Technical Editor: Nithik Cheruvakodan

Copy Editor: Safis Editing

Project Coordinator: Ashwin Dinesh Kharwa

Proofreader: Safis Editing

Indexer: Subalakshmi Govindhan

Production Designer: Shankar Kalbhor

Marketing Coordinator: Marylou Dmello

First published: April 2023

Production reference: 1160323

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80324-651-2

www.packtpub.com

Dedicated to all security and IT helpdesk professionals who made working from home possible during the pandemic.

– Ashish Kumar

To my kid, Shrina, for her infectious curiosity and optimism.

– Shashank Kumar

To all my mentors who inspired me to achieve more in my professional and personal life. Thank you, Ruzan Khambhata (Wizz o Tech), Govind Kaveri (BHA), M. K. Srinivasan and Navin Gabrial (WebXL Asia), Ahmed Buhazza (eGov Bahrain), Srikant Ranganathan (E&Y), Tom Gamali (NBK), Anthony Stevens (KPMG), and Avinash Lotke, Mandana Javaheri, and Sian John (Microsoft). Thank you to my Toastmasters mentors, Mohd Isa, Khalid Alqoud, Shaukat Lokhandwala, and Zulfiqar Ali. Your guidance and coaching have helped me to become a better person, professional, speaker and leader today.

– Abbas Kudrati

Foreword

I have had a long and impactful career in business continuity, disaster recovery, cybersecurity, and crisis management, which has enabled me to operate holistically to understand the threat landscape and how this understanding can be proactively enabled to deliver effective resilience. I have been at the frontline of many major incidents, including IT failures, cyberattacks, data breaches, and fraud.

This all led me to write my first book, Effective Crisis Management, where I looked back over the last 25 years of my career to explore the evolving threat landscape – whetherfacing it’s economic, geopolitical, environmental, or technological risks, organizations need innovative ways to understand and navigate the array of threats that they face on a daily basis.

It is this shared passion and enthusiasm for risk and resilience that got me excited about writing the foreword to this book. The authors have really brought to life the challenges that so many organizations face today.

The combined experience and backgrounds of Ashish Kumar, Abbas Kudrati, and Shashank Kumar make for compelling reading, as they share their deep insights and strategic thinking. Their leadership and subject matter expertise shine through each chapter.

The only true certainty is that change is constant. What perhaps sets the current landscape apart from previous years is the speed and scale of change that we are experiencing, which is at an unprecedented level.

I really enjoyed how the authors have explored some of these issues, learning how certain events have led to seismic shifts, not just in our level of tolerance to risk but also in the public perception of risk. In particular, the authors take us on a journey and explore the rich history, showing how the correlation between major incidents and distrust has led to wholesale regulatory change.

A prime example of this is the 2016 General Data Protection Regulation (GDPR) – one of the heaviest debated regulations in EU history – which holds organizations to account on how they collect, process, and analyze personal data. In the digital era, this has led many countries to adopt similar regulatory requirements and standards for effective privacy and security controls.

This book will appeal to a wide range of risk, resilience, and security practitioners – from those with strategic accountability and ownership for establishing the risk appetite and frameworks to those with operational responsibility for identifying and managing risk. The book is written in a format that is easy to digest and understand, with a myriad of practical examples, case studies, and some eye-watering statistics to bring the subject to life. This application of real-world knowledge and experience makes the authors’ insights so valuable.

You can expect practical hints and tips about how to navigate the evolving risk and compliance threat landscape that will provide longevity in the adoption of successful risk frameworks and contingencies. Some of the key outcomes include developing a view on zero trust architecture, understanding the insider threat landscape, and getting contextual frameworks for governance and regulatory risk management. This book is a must-read for anyone with an interest in risk and compliance.

Sarah Armstrong-Smith

Chief Security Advisor, EMEA

Microsoft

Contributors

About the authors

Ashish Kumar is a principal product manager at Microsoft. He has over 25 years of experience in networking, infrastructure, and cloud to cybersecurity at Microsoft, TCS, and HCL, and he has engaged with over 2,000 customers, representing their viewpoints with regard to the current times. He has played various roles in leading cybersecurity discussions with CISOs, IT leaders, and businesses for over 10 years. He has actively learned about and gained insights into digital risk in his regular discussions with over 100 chief risk officers and CISOs in the last two years as part of his engineering role. He holds various certifications, such as MCSE, CCNP, ISO Auditor, Cloud, and Power Platform certifications.

Shashank Kumar is a cybersecurity practitioner, longtime regulatory risk enthusiast, and principal product manager for Microsoft Purview Compliance products. He works closely with some of the world’s largest corporations to help them understand their current and future cybersecurity risks and solve them, through new features or products from Microsoft Data Security Product Group. He has exhaustive experience in helping Fortune 500 companies design their security and compliance management strategies, and he is also a frequent contributor on product management and cybersecurity forums.

Abbas Kudrati is a longtime cybersecurity practitioner and CISO and is Microsoft Asia’s chief cybersecurity advisor. In addition to his work at Microsoft, he serves as an executive advisor to Deakin University, HITRUST, EC-Council, and several security and technology start-ups. He supports the broader security community through his work with ISACA chapters and student mentorship. He is the technical editor of various books and the bestselling author of books such as Threat Hunting in the Cloud and Zero Trust Journey Across the Digital Estate. He is also a part-time professor of practice at La Trobe University and has been a keynote speaker on zero trust, cybersecurity, cloud security, governance, risk, and compliance.

About the reviewers

Hardik Kiran Mehta has contributed to information security, risk, and compliance for more than 17 years, specializing in global privacy laws, NIST, ISO, and risk management. He has performed mobile forensic investigations for both law enforcement and the intelligence community in support of the US federal government. He received a BE in computer engineering from Mumbai University and a master’s in computer science from Stevens Institute of Technology. He is currently employed by Microsoft as director of security, risk, and compliance at their headquarters in Redmond, USA. He has received various accolades and awards from the government of Australia, SEC, and ISACA.

I’d like to thank my family and friends who understand the time and commitment it takes to contribute actively to information security, risk, and compliance, which is constantly changing. Working in this field would not be possible without the supportive security, risk, and compliance community that has developed over the last several years. Thank you to all of the trailblazers who make this field an exciting place to work each and every day.

Salah Eddine MAHRACH is a leading, trusted GRC professional with more than 19 years of business experience in the banking, financial services, and energy sectors. Leveraging years of field experience, he has succeeded in implementing risk management, audit practices, and structures for numerous corporations, aligning with multiple international standards and frameworks. He has an interest in IT governance, risk management, IT audits, investigations, business continuity management, and regulatory compliance, which he likes to share as a volunteer in working groups or as a speaker at conferences. He is also one of the founders of the ISACA Moroccan chapter. Salah Eddine holds a number of professional certifications, including CISA, CRISC, CDPSE, and COBIT 2019 Foundation.

I am thankful to my family, especially my wife and my kids, for their support and for tolerating my busy schedule and still standing by my side.

I am deeply indebted to ISACA and its community for making available valuable knowledge and access to an outstanding professional network.

Table of Contents

Preface

Part 1: Invisible Digitization Tsunami

1

Invisible Digitization Tsunami

Digital transformation

An invisible hand

Summary

2

Going Digital

Hello Alexa, Siri, Google, Cortana, and more

The role of digital calendars

Digital and physical socialization

Cameras everywhere

Digital wearables – oh, my heart

Advanced features in wearables

What is real?

Summary

3

Visible and Invisible Risks

Risks in digital life

Visible risks

Invisible risks

When does risk become visible?

Hit by password phishing

Use of your credit cards

Ransomware

Invading privacy and extortion/phone spying

Summary

4

Remote Working and the Element of Trust

Remote working – not new for everyone

Pandemic and remote working

View of remote working for various industries

Risks to organizations

Summary

5

The Emergence of Zero Trust and Risk Equation

Zero Trust in real life

Zero Trust is a new digital transformation

Lesson learned from a global pandemic

Modern principles of Zero Trust

The NIST approach to Zero Trust architecture

The Sunburst attack example

Zero Trust across the digital estate

Example of controlling access with intelligent policies and continuous risk assessment

Zero Trust makes compliance easier

Isolation

Monitoring and visibility

Summary

Part 2: Risk Redefined at Work

6

The Human Risk at the Workplace

Innocent intent

Start of day

During the day

Wrapping up

A quick relook at the risks

Good worker

Start of the day

During the day

Wrapping up

Self-obsessed

Rebel intent

Malicious intent

Summary

7

Modern Collaboration and Risk Amplification

Evolving to the new workspace, where the flow of information is versatile

Versatile collaboration – some questions

Challenges of a hybrid setup

Future devices and their risk profile

Polarization of opinions and its possible impact on modern collaboration

Summary

8

Insider Risk and Impact

Case study – insider risk at Roposo Ltd

Context

Actor and the plot

The crime

The aftermath

The lessons

Understanding the impact of insider risk

Primary costs of insider risk

A summarized view of the impact of insider risk

Summary

9

Real Examples and Scenarios

Insider risk – definition and threat vectors

Insider risk – behaviors and technical trends to look out for

Behavioral indicators

Technical indicators

Using the MITRE ATT&CK framework to detect insider threat and behavior

Case study 1 – exploits in the life sciences sector

Solution and outcome

Case study 2 – a victim of a phishing attack

Solution and outcome

Case study 3 – working from home

Solution and outcome

Case study 4 – AT&T

Solution and outcomes

The cost of insider threats

Summary

10

Cyberwarfare

Is everything fair in love and war?

War and its actors

Advanced persistent threats

The Colonial Pipeline attack

The Shamoon virus

Stuxnet

Operation Desert Storm

Impact of cyberwarfare

Summary

11

An Introduction to Regulatory Risks

Regulatory risks – an introduction

Digitization and the expansion of the regulatory risk landscape across sectors

Speed

Scale

Interdependence

A framework to understand modern regulatory risks for all businesses

Summary

12

The Evolution of Risk and Compliance Management

What is risk?

Origins and evolution of risk management

From risk to compliance management via increased digitization

A timeline of the top events that made regulators take notice

A timeline of the top regulatory responses to financial and digital risks for stakeholders

The various phases of compliance management and how COVID might impact the future

Phase 1 – GRC in the early 2000s

Phase 2 – integrating GRC with the overall enterprise risk landscape

Phase 3 – compliance management – an agile, modern way of managing

What changed with COVID?

Summary

13

The Role of Data and Privacy in Risk Management

Understanding data explosion

Understanding the enterprise and institutional data landscape

What is the top priority for governments and regulators?

What should be the top priority for businesses?

Summary

Part 3: The Future

14

Remote Work and the Virtual Workforce

Will remote working be a permanent change?

Scope of our work

Work tools

How we work

Do I have to work alone when working remotely?

Summary

15

Automation and Virtual Humans

Automation in this digital age

The maturity of chatbots

Digital humans

Digital humanoids

Summary

16

The Role of AI in Managing Future Lockdowns

Input and output devices of the future

Digital assistants – at home

My digital assistants – for travel

Digital assistants – at work

Family time and social life

Education and study time

Healthcare

What will humans do?

What is digital shutdown?

The role of ethics in AI

Summary

Further reading

Index

Other Books You May Enjoy

Preface

In a world increasingly dominated by technology, digital transformation has become a critical driver of growth and competitiveness for organizations of all sizes and industries. With the rise of cloud computing, mobile devices, the Internet of Things, and other innovative technologies, companies can collect, store, and process vast amounts of data in real time, opening up new opportunities for business transformation, increased efficiency, and new revenue streams.

However, as organizations embrace digital transformation, they also face new and complex risks. The modern landscape of digital threats is constantly evolving, and companies must be vigilant in their efforts to protect sensitive information, systems, and infrastructure. From cyber-attacks and data breaches to security failures and other forms of digital risk, companies must have a deep understanding of the challenges they face, as well as the tools and strategies needed to manage these risks effectively.

This book is designed to help organizations navigate the complex and rapidly changing world of digital risk. Through a series of real-world examples and use cases, we will explore the key challenges and risks associated with digital transformation and provide practical insights and strategies for managing these risks. Our goal is to help organizations understand the modern landscape of digital threats and provide them with the tools and knowledge they need to succeed in a digital world.

Whether you are a business leader, security professional, or IT manager, this book will provide you with a comprehensive overview of the challenges and risks associated with digital transformation, as well as the strategies and best practices you need to manage these risks effectively. With a focus on real-world examples and practical insights, this book is an essential resource for anyone looking to navigate the modern landscape of digital risk.

For us, this book is an attempt to build a conversation among the large fraternity of business, technology, and cybersecurity enthusiasts, leaders, and practitioners. Please feel free to reach out to us:

Abbas Kudrati – @askudrati (Twitter) and https://www.linkedin.com/in/akudrati/

Ashish Kumar – linkedin.com/in/ashishkadhikari

Shashank Kumar – @Shshank (Twitter) and linkedin.com/shashank1kumar

Who this book is for

Managing Risks in Digital Transformation is broadly focused on assisting three categories of readers—first, those who own a business of any size and are planning to scale it; second, those who are leading business and technology charters in large companies or institutions; and third, those who are academically or disciplinarily targeting cybersecurity and risk management as an area of practice. Essentially, this book is for business leaders, board members, small and medium business owners, and professionals working in IT, risk, governance, compliance, and legal domains. It is designed to help technology leaders such as chief digital officers, chief privacy officers, chief risk officers, CISOs, and CIOs, and will help students and cybersecurity enthusiasts to develop a basic awareness of risks to navigate the digital threat landscape.

What this book covers

Chapter 1, Invisible Digitization Tsunami, gives the reader a view into the domains of human work and personal life a few decades back and how fast they have changed.

Chapter 2, Going Digital, provides insight into how our lives, both personal and professional, are saturated with technology. From digital assistants to smartwatches, this chapter discusses how we as humans are becoming increasingly dependent on technology.

Chapter 3, Visible and Invisible Risks, identifies the visible and invisible risks involved in real-life scenarios, from browsing the internet to using an application on our mobile phones.

Chapter 4, Remote Working and the Element of Trust, focuses on the topic of remote working, which is now widespread due to COVID-19. It examines the history and concept of workingfrom home (WFH), the impact of the pandemic, views from various industries, and the risks it presents to organizations.

Chapter 5, Emergence of Zero Trust and Risk Equation, examines how the emergence of zero trust security architecture and risk equation reflects a paradigm shift in cybersecurity. Zero trust emphasizes the need to verify every request and restrict access to resources and aims to balance the costs of security measures against potential losses from cyber threats.

Chapter 6, The Human Risk at the Workplace, goes through the types of risks in the workplace, who they involve, and their repercussions, profiling employees through the lens of academic research on digital risk and live examples. The chapter also illustrates the ways in which each distinct persona is susceptible to digitally risky behavior.

Chapter 7, Modern Collaboration and Risk Amplification, tracks the recent evolution of collaboration in enterprises and institutional workspaces and the implications it has for both employees and management.

Chapter 8, Insider Risk and Impact, offers a qualitative and quantitative approach to evaluating and understanding the implications of insider risk.

Chapter 9, Real Examples and Scenarios, contains four real stories from the corporate world, anonymized but carrying actual details of the way a large data breach or business impact panned out due to the risky behavior of an employee.

Chapter 10, Cyberwarfare, elaborates on the concept of war and cyberwarfare. War refers to an armed conflict between countries or entities, while warfare refers to the tactics used to win. Cyberwarfare is a new form of warfare that uses technology to attack an enemy and inflict damage on physical objects. The chapter will explore the impact of cyberwarfare on countries and organizations and examine the various actors involved, including nation states and cybercriminals.

Chapter 11, An Introduction to Regulatory Risks, contextualizes digital regulatory risk for an average reader. The reader is introduced to a few frameworks that should help them understand the need for the regulations in question and the implications of regulatory risk.

Chapter 12, The Evolution of Risk and Compliance Management, follows the evolution of modern compliance management as a discipline from the common origins of risk management. It also takes readers through a timeline of corporate scandals and scams and correlates those with the development of regulatory frameworks from governments and institutions in response.

Chapter 13, The Role of Data and Privacy in Risk Management, establishes the size of the issue when it comes to enterprise data and introduces readers to the need for companies to responsibly retain or delete their data in the context of modern privacy regulations.

Chapter 14, Remote Work and the Virtual Workforce, discusses the relationship between remote working and AI. The authors believes that AI is changing the nature of work, leading to a redefinition of work and the emergence of new categories of workers known as “work beings”. The authors raises concerns about the impact of this shift on human social connections and well-being.

Chapter 15, Automation and Virtual Humans, explores the idea of human and work beings in the context of technological advancements such as AI and automation. “Work beings” refers to new forms of workers such as robots or avatars that can do tasks previously performed by humans. The chapter also explores how automation and AI will shape the presence of work beings in the workforce and covers topics such as the current state of automation and the development of chatbots and digital humans.

Chapter 16, The Role of AI in Managing Future Lockdowns, looks ahead at the next two decades. The number of internet-connected devices is expected to surpass the number of humans, leading to significant changes in the form and interface of digital devices. The use of AI in these devices will impact human interactions and relationships, creating new habits and posing new risks, such as digital lockdowns that may disrupt electricity and internet connectivity. Laws and regulations are needed to prevent and mitigate these risks and ensure ethical practices in AI technology companies.

Download the color images

We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://packt.link/MWKJk.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “Create a new file named argocd-rbac-cm.yaml in the same location as argocd-cm.yaml.”

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “You can use the UI by navigating to the User-Info section.”

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read Managing Risks in Digital Transformation, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?
Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application. 

The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free content in your inbox daily

Follow these simple steps to get the benefits:

https://packt.link/free-ebook/9781803246512

Part 1: Invisible Digitization Tsunami

This part covers the impact of digitization on modern society. It begins with a comparison of the “good old days” and our current era and then moves on to discuss the ubiquitous presence of digital technology. This part also explores the risks associated with digitization, both visible and invisible, and the rise of remote work. Finally, it delves into the concept of zero trust and how that affects the overall risk equation. The aim of this part is to provide an overview of the changes brought about by digitization and the associated risks.

This part of the book contains the following chapters:

1

Invisible Digitization Tsunami

It’s a bright day in 2023, and most humans on the planet are acclimating to the new normal after the pandemic that changed the way we work and live, while a few months back, Amazon founder Jeff Bezos took the first civil flight to space, creating a milestone. The world around us is changing fast. The human population in 2022 was around 8 billion, and most of us had a mobile phone; the count of phones is hovering around the 10 billion mark. What’s moving faster than the human and mobile population is the count of internet-connected smart devices, also known as IoT devices. Today, they are found in cars, smart homes, and industrial devices and they number 13.5+ billion at the time of writing. That totals up to 24 billion internet-connected devices between 8 billion humans.

On a personal front, I think the number of virtual assistant devices, such as Amazon devices, will beat the estimate of 90 million for 2022. In 2021, Amazon sold close to 55 million devices. Sometimes, you may wonder why we did not have such innovation a few years back. I remember the shift humans made from the once-dominant Sony Walkman to CDs, and then to mass storage devices, such as the Apple iPod and the MP3 format. I owned an iPod, and it was a cool product that Apple launched in 2001; it got its last update at some point in 2014. While at its peak Apple sold close to 51 million iPods, it still missed the innovation spotted by Amazon – voice command technology. Apple eventually recognized this trend and decided to retire its music hardware products. Visit the following link for interesting facts and an assessment from Statista about why Apple said goodbye to music devices: https://www.statista.com/chart/10469/apple-ipod-sales/.

It’s so convenient to just talk to a machine and ask it to play the song of your choice instantly. You don’t have to move your hand, touch a button, or shuffle through a rack of CDs to find your favorite songs anymore. You can just ask the machine to play your choice of song and your virtual assistant device plays it. I call this the inflection point in the human history digitization journey. It opens up a world of voice commands, such as operating lights, refrigerators, heating, security cameras, and home service drones – it’s truly an inflection point where machines and humans define how humans live, work, and play.

It’s interesting to see trends around digital assistants such as Amazon Alexa. Feel free to read more about this at https://safeatlast.co/blog/amazon-alexa-statistics/#gref.

The last few years also heralded a shift in the way we communicate both personally and professionally; I remember growing up watching Star Trek, which became very popular during the 1970s. It had the concept of cellular phones, which became reality in the 1980s, first in Japan thanks to NTT. It was fiction coming true in just a few years, and today, we can reach anyone on the planet in just a few clicks with HD video quality. Today, more than 500 million meetings occur daily on Teams and Zoom combined, which is a staggering digital immersion of our lives in technology.

Technology’s rapidly evolving adoption due to the pandemic is transforming industries, companies, and governments at a pace never seen before. The democratization of AI and the establishment of cloud technologies is giving birth to new ideas, companies, and risks that were never imagined before.

The pandemic disrupted education across the globe and affected millions of students. In response, education institutes implemented some forms of digital learning. Digital learning opened up new ways to learn independently of physical proximity between teachers and learners. Digital learning provides a new learning environment that has benefits and risks. Digital learning provides the convenience of attending classes from your home. It also provides an easy way for your friends to attend the same class, or anyone else to attend the class on your behalf. The vast majority of students had never attended online courses before the pandemic. The experience was equally new to teachers across all age brackets. While most students and teachers were busy adjusting to the new digital world, what went unnoticed was the risk of digital learning.

How the world eats has changed dramatically, thanks again to the pandemic. Just a decade back, ordering food mostly meant pizza. Nowadays, food delivery has become a global market worth more than $150 billion; it has more than tripled since 2017. Most food orders pre-pandemic were delivered by a driver employed by the restaurant. There were fewer payment methods, including cash on delivery. In the post-pandemic times, things have changed. Today, most customers order via their cell phones and through food delivery apps such as Uber Eats, Foodpanda, Zomato, and DoorDash. The food delivery business has its risks, such as the time it takes to deliver food, packing to maintain the food’s quality, and theft of food while it’s being delivered. Risks that go unnoticed are private information about what you eat, the time you order, and sensitive data such as credit card numbers that get transmitted and stored across multiple systems owned by various third parties in the delivery network.

Changes triggered by the pandemic were unexpected and fast. More important was the new world, which was more digital and stayed not just for a few days but for months across the globe during the pandemic. Changes impact our lives in different ways. Some of us embrace change faster than others. The digital habits induced by the pandemic are changing the way we learn things, make payments, order food, go shopping, and work.

For most of us, change brings uncertainty and loss of control. Digital changes are no different. Sometimes, changes in technology are inevitably agnostic to our liking or the rate at which we adopt them. Digital changes could include downloading an app from an app store if you want to purchase goods or services, which creates new digital habits. Digital changes such as “you must update the software or you will not be able to get new features again” evoke mixed responses. Attending calls on your favorite collaboration suite, such as Microsoft Teams or Zoom, and sharing your screen is a newly formed habit.

Changes around video calls and video meetings came in so fast that it’s worthwhile looking at trends, as covered in the following links on the usage and statistics for leading video call providers, such as Microsoft Teams and Zoom during the pandemic years:

You may not like browsing the app stores offered by various phone or technology service providers, you may not like the new version of the operating system, or you may find sharing screens a very mundane activity; however, changes are inevitable.

Some changes require you to act, such as updating your phone’s operating system, while some changes just soak into your life, such as browsing the internet or spending time on social networks, without any action needed from you. I call these changes ambient as they bring permanent changes to our lives. Moving from SMS to WhatsApp, Telegram, and Instagram are examples of ambient change. Driving a car to a new holiday location using digital maps is again an ambient change that has soaked into the lives of billions. Ambient changes come fast, without friction, with extremely low learning curves, and permanence. Ambient changes are what I am afraid of most. These changes bring in differentiated digital risk, giving humans almost no option to go back to the old ways of doing the same activity.

Well, don’t lose your thoughts, and let me remind you what Hagrid said: “No good sittin’ worryin’ abou’ it. What’s comin’ will come, an’ we’ll meet it when it does.” What this phrase teaches us is to not worry and face the changes as and when they come.

In this chapter, we’ll explore how rapidly we are getting fused into this digital web around us. This chapter also discusses the contentious fact that it is as though an invisible hand is guiding us to become absorbed in and addicted to this digital life, where risks are only visible toward the end of the journey. To begin with, we’ll explore the following topics:

There is surely a digital tsunami ahead that has benefits, new experiences, and new risks.

Digital transformation

Computing has come a long way, and so has the use of computers. Computers have also morphed from the size of big rooms back in the 1980s to small chips in IoT devices.

Cars manufactured 40-50 years back were very, very different from the cars manufactured today. Modern cars are connected and have integrated maps. I used to find it difficult to park my car between two cars, but not any longer thanks to the parking assist features. Cruise control in cars today has been upgraded so that it’s adaptive and the car can maintain its speed relative to cars around it. Cars today come with digital displays with touchscreens that show way more than just the speed and acceleration of the old days. Cars today come with cameras outside for parking assistance and traffic symbol alerts along the road, and inside for checking on driver drowsiness. Modern cars today can also run on their own using autonomous driving.

Technology has changed driving so much that you don’t need humans today to even drive a car. The future of driving is without a human driver. The car industry has been transformed and continues on its transformation journey due to technology.

It’s not just the car industry; any industry, including healthcare, manufacturing, music, and television, is transforming due to the use of technology.

As are you beginning to see on executive profiles on LinkedIn, digital transformation officers, chief digital officers, leaders in digital transformation, and digital transformation as a skill are becoming prominent.

So, what is digital transformation and what risks does it bring to our lives?

As computers have touched business processes and gained more intelligence in the form of what they can see, the ability to listen, operate a mechanical arm in car manufacture, or maneuver a car, humans began to realize new ways to use computers.

Business processes that were established in companies across the world have matured and are running effectively. Governments also have well-established processes such as the system of tax collection, and workers such as traffic cops ensure smooth traffic flow and issue tickets when they spot a speeding vehicle.

Digital technologies have changed our lives. Most of the time, we think that technological advancements are a thing of the future, which is not true. Society gives technology and technological advancements a sense of purpose, and innovations will continue to disrupt and change norms.

Why do we need a traffic cop when speeding cameras across the country can automatically issue tickets to drivers for speeding? Why do we need a human to process tax documents when AI software can assess, validate, and process the entire tax submission? Why do humans need to drive a car when cars can drive themselves?

These technological changes not only impact the normal way of working, studying, and socializing, but also impact actors, such as humans in the roles of customers, employees, partners, or other stakeholders that are part of the process.

Why do I need a human to deliver me pizza when a drone can deliver it faster to my doorstep by flying from a nearby pizza shop?

Let’s look at an example of opening a bank account. We used to go to the bank with relevant documents, such as photo ID, proof of social status, and any other necessary documents. You would hand these documents to a bank officer, who would, in turn, verify them and open a bank account for you. This could take from a few minutes to a few days, depending on which bank and country you opened an account in. Once your account was open, you would receive a checkbook, a credit card, or a debit card to use with your account. Now, let’s look at this same simple example through the lens of digital transformation, where you can open a bank account in minutes by using a mobile application, taking your picture, and entering your social security number, which gets verified by the government authorized agency such as the home or external affairs ministry online. Once it’s verified, your credit rating is pulled from the credit agency and an account is created for you in minutes. A bank officer sipping their coffee miles away receives a notification on their phone to verify that the automatic account opening system should go ahead and create an account for this new customer in their banking system. The bank officer verifies your form, the picture you have taken from your phone, and your ratings from the credit agency, and presses the approve button.

In a matter of seconds, your phone screen says “thank you,” displays your account number on your phone screen, and prompts you about whether you want a virtual debit or credit card instantly, while the bank sends you physical cards in due course. You are thrilled to get a new bank account in minutes and click on the virtual credit card, which again gets created in minutes for you.

Phew! That was the digital transformation of the account opening business process for a bank. It used a computer in the form of a mobile application that could fill in your details, take a photo of you from your mobile camera, and use a complex backend API and workflows that, in minutes, gave you a new bank account and a virtual credit card. You could be sitting in the Bahamas enjoying your coconut drink with the bank officer sitting thousands of miles away in a call center, facilitating your account opening without you even having to go to your nearest bank branch. It all looks great, but where does risk come in here? What if it was not you who requested an account, and someone else used your identity and photo to create a bank account and then misuses that account? What if in this process, you inserted a photo of Harry Potter, and the account got created without your image? What if, while creating a bank account, your personal information was also relayed and exfiltrated by an attacker for later use and abuse? What if your virtual credit card details got into the wrong hands? What if the wrong hands is not a human but software? What if this malicious software then makes a fraudulent transaction on your behalf? Who will you catch as there is no human in this process?

Digitization makes changes that use technology to make life easier for consumers, employees, businesses, and governments. It provides efficiency and new ways of achieving the same goals. It also creates new types of risk. Some of these risks are visible (known), while others are invisible. We’ll explore this in more detail in the next section. Feel free to read the Global trends: Navigating a world of disruption report from McKinsey at https://www.mckinsey.com/featured-insights/innovation-and-growth/navigating-a-world-of-disruption.

An invisible hand

Today, we send more WhatsApp messages than we used to with SMSes just a few years back. Most of my friends don’t send SMSes any longer. Nowadays, it’s WhatsApp, Snapchat, or Telegram.

Do you know we also had a multimedia messaging service (MMS), which could be used to send images, video, or contacts to recipients? It was rich but it could not stand the onslaught of WhatsApp, which provided a much easier and more intuitive way to send and received images, videos, and audio messages.

So, what happened here? MMS capabilities used to be pre-installed on each phone, whereas users are required to install WhatsApp. Since both provide rich multimedia content, why did MMS not take off?

Let’s look at user experience and touchpoints in using these technologies. SMS is off the table due to its limitations regarding handling multimedia content. Let’s look at MMS and WhatsApp: both can send rich content, such as images and video, but MMS uses SMS transport as a channel to send content, so it will always require cellular phone connectivity with your provider. On the other hand, WhatsApp is independent of your cellular network. It works when you are on Wi-Fi or when you are without cellular connectivity.

To add to that, if you roam to other countries, sending MMSes can be very expensive as it also uses cellular infrastructure. What makes WhatsApp the king of messaging is that you can send messages even when there is no connectivity. Yes, the message gets in the sent queue and the user can do the next task without waiting for the message to be delivered to the recipient. A user can send the next message, leaving the WhatsApp framework to send messages as and when a connection is available. This is a very powerful feature; I call it send it and forget it. The verdict came quickly and MMS died at a very rapid speed, but what it left behind was the trace of an invisible hand at work. If the technology you produce is easy to use, cheap, and intuitive. it will get adopted very fast as if there is an invisible hand making it popular and adopted across masses, countries, and languages.

So, for a technology to truly offer an invisible hand, it needs to deliver greater efficiency and innovative capabilities that increase the value to customers multifold times. Primary capabilities must be easy to use (no manual, no tutorial, no how-to for using as many features as possible). It should be independent (that is, not tied to any platform, device, time, or channel), and have a free version. At the time of writing, digitization has increased and given all of us more thinking time to innovate; in essence, the pace of technological innovation has accelerated. Look at buzzing stock exchange companies that are more digital and tech-savvy; they are leading the pack and increasing their market share. Pick any company in insurance, finance, distribution, retail, telecom, or any other sector; the more tech-enabled the company is, the greater the chance that it will disrupt the market and become successful.

The next wave of innovation is led by AI, and its infusion will lead to more disruption and automation than any other technology on this planet. The following chart developed by McKinsey (the original graph can be found at https://www.mckinsey.com/featured-insights/innovation-and-growth/navigating-a-world-of-disruption) shows sectors and companies that will be impacted by AI:

Figure 1.1 – The potential of AI to deliver more value across industry verticals

While the pace of adoption of AI by various companies across sectors will differ, the invisible hand that is driving digital adoption will be evident in the way employees work, engage with customers and partners, and collaborate with other employees. Business engagements will use more AI to reduce or ease human work. When we talk about AI, we always think of devices depicted in movies and science fiction novels.

AI tends to be accompanied by the thought that if everything is done by machines, robots, and AI, what will humans do? Some media companies and blog writers have exploited this, thinking with creative headings such as “the top 10 jobs that will be lost in the coming years.” It’s natural for people to read such articles to see whether and, if so, how their work will be affected. As per the McKinsey study, automation and AI promise to create more jobs than they will take away or replace redundant jobs and bring something new into the picture instead. Also, AI promises to make jobs easier while creating new jobs that will require different kinds of skills. For now, it is not a zero-sum game: AI promises to create more jobs.

Let’s quickly look at the key message from the report:

“Under a midpoint scenario, about 15 percent of the global workforce, or the equivalent of about 400 million workers, could be displaced by automation from 2016 to 2030. At the same time, 550 million to 890 million new jobs could be created from productivity gains, innovation, and catalysts of new labor demand, including rising incomes in emerging economies and increased investment in infrastructure, real estate, energy, and technology.”

– McKinsey study 2021

What also makes this interesting is my observation that 3 years in the IT industry is almost the same as 10 years in conventional industries due to the pace of innovation. While my observation’s timeline is debatable, innovation in the IT sector led by Microsoft, Apple, Google, and Facebook is unparalleled in any other industry. The second point I want to make is the time it takes for an innovation to become mainstream is also reducing. I still recollect how quickly WhatsApp ate SMS for lunch and how Zoom/Teams ate telecoms voice calls for breakfast, or the time it took for consumers to switch from big fat TVs to thin smart TVs at home. While it’s about adoption, the following visuals also share the speed at which we have adopted digitization. Let’s take a look at the following graph (the original graph can be found at https://www.visualcapitalist.com/rising-speed-technological-adoption/) to understand this better:

Figure 1.2 – Consumer rate of adoption for various technologies

Indeed, all of us in our various personas, from our working lives or personal lives, want to adopt and try out new technologies. I get goosebumps when young kids these days prefer to text with emoticons to express themselves because I find that such short and quick ways to display emotions are not the most efficient when it comes to human-to-human interaction. Our quick adoption of digitization is also creating new and different behavior patterns.

Summary

As we embrace digital life, all our activities, such as talking to a friend over a video call, planning a trip to our favorite destination, approving a purchase order created by our finance team member, having a board meeting or sensitive organization change discussion on a digital call, or communicating via email about a sensitive dividend or stock data with our banker, happens with a few clicks on our phone or computer. As I use my phone to check for the availability of hotels in Central London, I can surely feel two things strongly. First, the digital tsunami has just started and there is more to come. Second, the invisible hand of change will ensure populations across continents are immersed in this digital life, which will lead to more productivity, empowerment, and digital risks.

In the next chapter, we’ll uncover more risks that technology delivers, along with the productivity benefits it provides in our lives.

2

Going Digital

As I sip my coffee, I check through my phone calendar for any upcoming meetings. I will be joining a Microsoft Teams meeting in seven minutes and am worried about the noise of drilling coming from the construction site nearby. I worry I may have to mute myself when not speaking on the call. But to my amazement, I discover that the Microsoft Teams software cancels out all background noises, including the sounds of drilling machines and hammering, saving me the stress, effort, and distraction of having to mute and unmute myself during the call.

What a breeze! Now, I start thinking that if intelligent software can cancel out noise, then could it also add noise such as the sound of traffic, an arriving train, or ambient airport sounds? I could fool someone into thinking that I am at the train station while I am taking a call from my home or a cafe. This can also extend to connecting with people online. Although I don’t know the mobile numbers of my friends by heart, joining three of them on a call and talking to them is so easy. I don’t have to call the first one, then call the second and third ones, and press the conference button on my phone today. I can just set up a single call and they can join it at their convenience. I feel like part of my life is missing if I don’t have my phone for a few minutes.

Let’s look at another scenario. My Teams call has started, and I feel hungry. I want to order something to eat, so I just grab my phone and point the camera at the barcode on the table. It’s a contactless menu. I don’t have to call the waiter to get the menu and then flip through the pages. The contactless menu gives me the names of the dishes, their pictures, nutritional details, videos and images of how the dishes are made, and some reviews. This is way more information than used to come on a standard menu. I can also quickly filter the choices by my favorite cuisine or by healthy options only. All of this started just with me pointing my camera at the contactless menu barcode, and my phone is still hosting the Teams call while I order my dish. But phones and small IoT devices can do a lot more than this to make our lives easier. Let’s take a look at all of these changes happening around us in this chapter.

In this chapter, we’ll cover the following topics:

Hello Alexa, Siri, Google, Cortana, and more

“We need a good user interface that’s intuitive to use” – I keep hearing this phrase in corridor discussions on why it’s important to have a good user interface. This topic has also given birth to design thinking, where software for the automobile industry is very focused on products and services having a good user experience. When I work with