The single most crucial aspect of a successful digital transformation is security. The smallest of security mistakes could cost your organization millions. According to Marsh & McLennan, 79% of global leaders named cyberattacks the number one risk management priority in 2020. And understandably so – cybercrime is predicted to cost the world $6 trillion in 2021.
The past 18 months have propelled the global digital transformation forward at breakneck speed. The Covid-19 pandemic has precipitated a fundamental shift in the way we function, from our work to our social interactions, from our entertainment choices to the way we do our shopping. But it has also given rise to highly sophisticated and efficient organized cybercrime.
Dr. Abel Sanchez, executive director and research scientist at the Massachusetts Institute of Technology’s Laboratory for Manufacturing and Productivity, notes, “The battle being fought is moving faster than our decision cycle. If you’re moving slower, then you’re irrelevant from a leadership perspective.” This is a stark warning to CISOs about the importance of establishing agile, flexible, and fast strategies to protect their organizations from the additional risks that digital transformation presents.
Organizations worldwide are investing in technology that they hope will give them a competitive edge in the post-pandemic era. But with several failing to address the deferred risks and potential vulnerabilities introduced during their digital transformation, general confidence in the security posture is diminishing. According to a recent report, 64% of CISOs fear their organizations are at risk of a significant cybersecurity attack in the next year, and alarmingly, 66% feel they would be unprepared to handle it.
We are seeing a steady increase of security breaches making headline news. This is P.R. that no CEO or board wants, and it is placing CISOs worldwide firmly on the hot-seat, or worse, costing them their jobs. But the truth is that few companies can boast of a truly secure digital transformation in the face of an increasingly sophisticated enemy.
The list of recent high-profile breach victims attests to the shatterproof strategies being developed by cybercriminals worldwide:
- SolarWinds – the hacking of the US IT firm left its clients, including the U.S. Government and Microsoft, vulnerable for nine months
- Marriott International – 5.2 million guests' data was compromised
- Magellan – health insurance giant – 365,000 patients were affected
- LinkedIn – 700 million users affected
- Facebook – 533 million users compromised
- Most recently – T-Mobile, with 50+ million users compromised
Organizations are fighting back and developing strategies to protect their businesses from security breaches and their wider networks. A good example is the World Bank, which recently announced a new Cybersecurity Multi-Donor Trust Fund that aims to accelerate digital transformation by improving governments’ technical capabilities and their efforts to increase security awareness.
“COVID-19 has highlighted the vital role digital technologies and applications play in a resilient development agenda. It keeps people, businesses, and public services connected. As governments are rapidly scaling up their investments into digital technologies, cybersecurity has become a pressing concern to ensure a safe and secure digital transformation for all,” said Boutheina Guermazi, Director of the World Bank’s Digital Development Global Practice.
Global economies are increasingly dependent on solid cybersecurity to grow and thrive. For Elizabeth Vish of the Office of the Coordinator for Cyber Issues of the U.S. Department of State, this is true for all economies, including rapidly digitizing lower- and middle-income countries. “We believe the international community will be more secure, stable, and prosperous when a broad range of states can defend their networks.”
With help from the trust fund, the World Bank aims to achieve the cybersecurity progress needed to safeguard the global economy.
This isn’t the only example of organizations fighting back. CISOs worldwide are adjusting their strategies and strengthening their security postures, and their confidence is growing. 65% of CISOs believe they’ll be better able to resist and recover from cyberattacks by 2023.
What common elements are CISOs adopting to increase confidence in their security postures?
- Enhancing security controls – One of the most cited CISO priorities. It involves performing asset management, patching, vulnerability management, and configuration. It also encompasses the development of detailed security awareness education and training.
- Identifying and mitigating third-party risk – We have the SolarWinds attack to thank for this. It highlighted the need for CISOs to have clear visibility of and understand all of the technology being used throughout their organizations so that they can vet vendors and mitigate risks
- Defending against ransomware attacks – The spike in ransomware attacks in 2020 put CISOs on high alert. Victims of the most powerful attacks spent at least $144.2 million on costs ranging from investigating the attack, rebuilding networks, and restoring backups to paying the hackers' ransom and putting preventative measures in place to avoid future incidents. The answer is continuous testing of your security posture, both internal and external.
- Getting board-level buy-in – Gartner estimates that 40% of corporate boards will have a dedicated cybersecurity committee by 2025, up from 10% in 2021. CISOs prioritize making sure all the executives know what’s going on in the threat landscape and highlighting the additional level of investment needed to battle those threats.
- Support for transformation and strategic goals – CISOs are thinking of security as a business enabler. The priority is to support the organization and business goals securely, to protect customers and employees, and at the same time to ensure a good customer experience.
- Agility – The unpredictable and fast-moving nature of recent global events has meant that CISOs have had to secure aspects of the business that previously had little to no security, and fast. CISOs are using multiple strategies to train themselves and their teams to work in a more agile and efficient way.
- Upskilling your teams – If there is one thing that the sudden increase in cybercrime has highlighted, it is the general lack of skilled cybersecurity professionals. Competition in this department is fierce. According to Gartner, there has been a surge in demand for Infosecurity roles, with a 65% upswing in demand in the United States. So upskilling your teams is non-negotiable.
- Security by design: A critical element of the design roadmap is security – All new services and technologies must embed appropriate security, privacy, trust, and compliance from the get-go. Doing this can potentially save you a lot of money, as any vulnerabilities are easier to fix before deployment.
- Remote work security – Almost two-thirds of responding CISOs believe that remote work has made their organizations more vulnerable to cyberattacks, with 58% of them seeing more targeted attacks since enabling widespread remote work. CISOs are adopting Zero Trust and identity first security strategies to create a more secure remote working environment.
- Keeping up with laws and regulations – The growing number of privacy laws and regulations is a minefield for CISOs and CEOs alike. Any new deployment or entry into new markets needs to comply with strict privacy and security laws.
- Global events planning – The pandemic highlighted shortcomings in business continuity plans. Few organizations had continuity and resilience strategies that took worldwide events with such far-reaching impacts into account. The events of the past 18 months call for a rethink of what business continuity looks like.
For practical and actionable advice on ensuring a secure digital transformation strategy, join the Ascent Annual Conference on October 6 – 8, 2021, where we will host a fireside chat on Digital Transformation & Integrated Security.