Vulnerabilities of digital products are rapidly being exploited by a wide range of actors for various purposes. This puts the stability of the digitalised world at risk, erodes user trust in digital services, and undermines digital development. To reduce these risks, businesses must increase the resilience of their digital products and services. Various baseline security requirements and product security certification schemes are being shaped by national, regional and international institutions and organisations around the world. Security-by-design may become a competitive market advantage, but will also add costs on the side of emerging digital industries – in particular in developing countries.
Building on the Geneva Dialogue on Responsible Behavior in Cyberspace, the workshop entitled ‘Security of digital products and services: A development perspective’ discussed best practices and examples of creating global, resilient, and ethical digital products, and their opportunities and challenges in the African context. The interactive workshop brought together perspectives of the industry, public authorities, technical community, and civil society, from all parts of the world.
Key messages from the Workshop discussion:
- Vulnerabilities in digital products and services are exploited by cyber-attacks, which produces security risks, safety risks, and diminishing trust. This, in turn, endangers economic development.
- Companies should embrace security by design and security by default approach. Geneva Dialogue on Responsible Behaviour in Cyberspace (https://genevadialogue.ch) gathers lead global companies to share good practices. African companies are invited to partner as well.
- Companies in developing countries – and generally small companies and start-ups – might find focus on security as additional burden. It is important not to press them, but rather to incentivise them to embrace security by design.
- Governments and local authorities also create numerous digital services for citizens, whose security is critical for security and safety of citizens (eg. with regards to national ID schemes).
- There is a need to boost cooperation among governments and the private sector, as well as civil society, to enhance awareness about security of digital products, and explore regulatory and policy options to incentivise security by design.
- We need more easily digested baseline security requirements and standards to be deployed by companies. The context and cultural specifics of the company/sector/country is also important in standards application. Certification schemes by regulators on African level (similar to those by Singapore or EU) may be helpful.
- Capacity building will be crucial for security of digital products – for companies, but also for governments and regulators. Efforts and good practices by big(ger) companies are important to move forward. Geneva Dialogue will focus more on baseline requirements and capacity building in 2021.
Watch the recording of the session below.