How to minimise cyber risk when planning your digital transformation
With companies chasing digital transformation and rushing into new technologies like big data, cloud and IoT, the question of cybersecurity tends to get glossed over in strategy meetings and boardroom presentations.
There’s a widespread tendency to look at cybersecurity as an optional ‘extra’, something that can be slapped on later when budgets permit.
No doubt, digital transformation is important. Companies can’t stay competitive without it. And these new interconnected technologies are incredibly useful, opening up new capabilities and opportunities for organisations and the people who work in them. But there’s also a dark side to this level of interconnectivity: greater cyber risk. The more interconnected IT infrastructure becomes, the more points of vulnerability emerge, and the riskier the whole ecosystem becomes.
Supply chains illustrate the dangers of interdependent ecosystems quite well. Any vulnerability in the chain can have a wildfire effect that could result in losses in the millions of dollars and reputations being destroyed overnight. With the stakes so high, senior IT executives need a more proactive approach to securing critical data in a hyperconnected environment. Even a single cyber incident can be devastating for a company, as well as its leadership.
The reality is that for most companies, the classic, contained enterprise network no longer exists. As more and more companies move to the cloud, the old rules of cybersecurity simply don’t apply anymore. That’s why cybersecurity is also undergoing a radical shift. Instead of trying to secure network perimeters, the focus is shifting to ensuring each component in a network is built to be secure by design. Protection is becoming the default posture for all applications. The rise of DevSecOps illustrates how this change in thinking is being put into practice.
This approach distributes the risk to the network across all apps and devices, so even if one element is compromised, the network and the data in it stay relatively resilient. That’s why measures like multi-factor authentication and role-based access controls are becoming more commonplace. These two measures alone go a long way in guarding against the biggest cybersecurity threat: human error.
The scale of the cyber threat landscape isn’t lost on major companies. Large industrial vendors like GE now sell software along with their products, like subscription-based monitoring tools and maintenance services, to guard against disruptions. These companies realise just how dependent their products and services are on a secured digital infrastructure. In terms of cybersecurity, all the challenges and requirements software companies typically face now apply to any data-driven organisation. Since data no longer sits in one central location, automated cybersecurity needs to be baked into every network component and app to prevent breaches.
Another important consideration in mitigating risk is cybersecurity insurance. But just having insurance is no guarantee that the organisation is immune to risk. For example, there are reports that some companies impacted by the NotPetya ransomware attack have been unable to collect their claims because the insurance carriers claim the attack qualified as an act of war, which isn’t covered by their policies.
Digital transformation is a massive shift for any organisation, and decision-makers need to be aware of the new risks their organisation will be exposed to. In making those judgments and assessments, cybersecurity leaders must be involved in planning, strategising and rolling out the transformation. To ignore their advice is to invite trouble even before your digital transformation has had the chance to start.