Why your security means everything to your digital transformation success

The single most crucial aspect of a successful digital transformation is security. The smallest of security mistakes could cost your organization millions. According to Marsh & McLennan, 79% of global leaders named cyberattacks the number one risk management priority in 2020. And understandably so – cybercrime is predicted to cost the world $6 trillion in 2021.

The past 18 months have propelled the global digital transformation forward at breakneck speed. The Covid-19 pandemic has precipitated a fundamental shift in the way we function, from our work to our social interactions, from our entertainment choices to the way we do our shopping. But it has also given rise to highly sophisticated and efficient organized cybercrime. 

Dr. Abel Sanchez, executive director and research scientist at the Massachusetts Institute of Technology’s Laboratory for Manufacturing and Productivity, notes, “The battle being fought is moving faster than our decision cycle. If you’re moving slower, then you’re irrelevant from a leadership perspective.” A stark warning to CISOs about the importance of establishing agile, flexible, and fast strategies to protect their organizations from the additional risks that digital transformation presents. 

Organizations worldwide are investing in technology that they hope will give them a competitive edge in the post-pandemic era. But with several failing to address the deferred risks and potential vulnerabilities introduced during their digital transformation, general confidence in their security posture is diminishing. According to a recent report, 64% of CISOs fear their organizations are at risk of a significant cybersecurity attack in the next year, and alarmingly, 66% feel they would be unprepared to handle it.

We are seeing a steady increase in security breaches making headline news. This is P.R. that no CEO or board wants, and it is placing CISOs worldwide firmly on the hot seat, or worse, costing them their jobs. But the truth is that few companies can boast of a truly secure digital transformation in the face of an increasingly sophisticated enemy.

The list of recent high-profile breach victims attests to the shatterproof strategies being developed by cybercriminals worldwide:

  • SolarWinds – the hacking of the US IT firm left its clients, including the U.S. Government and Microsoft, vulnerable for nine months
  • Marriott International – 5.2 million guests' data was compromised
  • Magellan – health insurance giant – 365,000 patients were affected
  • LinkedIn – 700 million users affected
  • Facebook – 533 million users compromised
  • Most recently – T-Mobile with 50+ million users compromised

Organizations are fighting back and developing strategies to protect their businesses from security breaches and their wider networks. A good example is the World Bank, which recently announced a new Cybersecurity Multi-Donor Trust Fund that aims to accelerate digital transformation by improving governments’ technical capabilities and their efforts to increase security awareness. 

“COVID-19 has highlighted the vital role digital technologies and applications play in a resilient development agenda. It keeps people, businesses, and public services connected. As governments are rapidly scaling up their investments into digital technologies, cybersecurity has become a pressing concern to ensure a safe and secure digital transformation for all,” said Boutheina Guermazi, Director of the World Bank’s Digital Development Global Practice.

Global economies are increasingly dependent on solid cybersecurity to grow and thrive. For Elizabeth Vish of the Office of the Coordinator for Cyber Issues of the U.S. Department of State, this is true for all economies, including rapidly digitizing lower- and middle-income countries. “We believe the international community will be more secure, stable, and prosperous when a broad range of states can defend their networks.”

With help from the trust fund, the World Bank aims to achieve the cybersecurity progress needed to safeguard the global economy.

This isn’t the only example of organizations fighting back. CISOs worldwide are adjusting their strategies and strengthening their security postures, and their confidence is growing. 65% of CISOs believe they’ll be better able to resist and recover from cyberattacks by 2023.

What common elements are CISOs adopting to increase confidence in their security postures?

  1. Enhancing security controls – One of the most cited CISO priorities. It involves performing asset management, patching, vulnerability management, and configuration. It also encompasses the development of detailed security awareness education and training
  2. Identifying and mitigating third-party risk – We have the SolarWinds attack to thank for this. It highlighted the need for CISOs to have clear visibility of and understand all of the technology being used throughout their organizations so that they can vet vendors and mitigate risks
  3. Defending against ransomware attacks – The spike in ransomware attacks in 2020 put CISOs on high alert. Victims of the most powerful attacks spent at least $144.2 million on costs ranging from investigating the attack, rebuilding networks, and restoring backups to paying the hackers ransom and putting preventative measures in place to avoid future incidents. The answer is continuous testing of your security posture, both internal and external
  4. Getting board-level buy-in – Gartner estimates that 40% of corporate boards will have a dedicated cybersecurity committee by 2025, up from 10% in 2021. CISOs prioritize making sure all the executives know what’s going on in the threat landscape and highlighting the additional level of investment needed to battle those threats.
  5. Support for transformation and strategic goals – CISOs are thinking of security as a business enabler. The priority is to support the organization and business goals securely, to protect customers and employees, and at the same time to ensure a good customer experience.
  6. Agility – The unpredictable and fast-moving nature of recent global events has meant that CISOs have had to secure aspects of the business that previously had little to no security, and fast. CISOs are using multiple strategies to train themselves and their teams to work in a more agile and efficient way
  7. Upskilling your teams – If there is one thing that the sudden increase in cybercrime has highlighted, it is the general lack of skilled cybersecurity professionals. Competition in this department is fierce. According to Gartner, there has been a surge in demand for Infosecurity roles, with a 65% upswing in demand in the United States. So upskilling your teams is non-negotiable.
  8. Security by design: A critical element of the design roadmap is security – All new services and technologies must embed appropriate security, privacy, trust, and compliance from the get-go. Doing this can potentially save you a lot of money, as any vulnerabilities are easier to fix before deployment.
  9. Remote work security – Almost two-thirds of responding CISOs believe that remote work has made their organizations more vulnerable to cyberattacks, with 58% of them seeing more targeted attacks since enabling widespread remote work. CISOs are adopting Zero Trust and identity-first security strategies to create a more secure remote working environment.
  10. Keeping up with laws and regulations – The growing number of privacy laws and regulations is a minefield for CISOs and CEOs alike. Any new deployment or entry into new markets needs to integrate strict privacy and security laws.
  11. Global events planning – The pandemic highlighted shortcomings in business continuity plans. Few organizations had continuity and resilience strategies that took worldwide events with such far-reaching impacts into account. The events of the past 18 months call for a rethink of what business continuity looks like.

For practical and actionable advice on ensuring a secure digital transformation strategy, join the Ascent Annual Conference on October 6 – 8, 2021, where we will host a fireside chat on Digital Transformation & Integrated Security.

Photograph by NASA via Unsplash.
