Digital Transformation Presents Both Reward and Risk

Digital technologies have fundamentally changed the way organizations do business. Mobile access, advanced analytics and cloud have increased both operational agility and revenue growth through data availability, workforce enablement, and improved customer experiences. As a result, organizations are projected to spend $1.97 trillion on digital technologies and services by 2022, according to IDC. The benefits of digital transformation are unlimited in scope and scale, but with them come new risks for organizations and their security teams.

Expanding Infrastructure and Increased Complexity

Cloud, mobility, and the internet of things have dramatically impacted change cycles. What might have previously been implemented over many years often now occurs in just months, weeks, and even days. However, every new technology adds a huge amount of complexity, which can cause disruption and even increase organizations’ attack surfaces.

Organizations’ expanding infrastructure can have weaknesses, such as open ports, vulnerabilities, or weak or expiring certificates. These exist across your known infrastructure, but also extend to shadow IT – those projects and software managed outside of the IT department, the existence of which may not be known to the security team. Attack surfaces are becoming increasingly hard to reliably identify, never mind reduce.

The Challenges of Third Parties

According to the Ponemon Institute, 56 percent of organizations have experienced a data breach as a result of a third-party vendor. The U.S. National Institute of Standards and Technology (NIST) calls out third parties as a top source of risk, in part because of poor security practices. Add fourth and fifth parties into the mix, and the risk increases exponentially. So how can organizations be confident that their vendors and subcontractors – who play a crucial role in their business operations – are adequately protecting organizations’ sensitive data?

Companies can bolster their third-party risk awareness in a number of ways: educating internal stakeholders about properly managing third-party risk; contractually enforcing third-party security performance expectations with independent reviews of external-facing systems; tracking third-party risk in a central database; and adjusting their approach based on known strengths and weaknesses, to name just a few. However, even all of these measures will not adequately safeguard your sensitive data: organizations should assume this information will become exposed, and take steps to detect and remediate this loss.

Criminals “going digital”

As third-party ecosystems grow, more data is stored on the cloud, and employees find new ways to engage online, organizations’ sensitive data frequently becomes exposed. Knowing this, adversaries take advantage of this unwanted exposure, using credentials for account takeovers, or intellectual property to conduct corporate espionage.

However, it even extends beyond this – cybercriminals have taken notice and are finding ways to take advantage of organizations’ digital transformation efforts. No sooner does a company or bank offer a new mobile app to improve access and efficiency than a bad actor tries to devise a way to manipulate it to his own end.

To protect against these threats, organizations need to find new ways to detect data loss, to secure their online brand, and to reduce their attack surface. 

Asking the right questions

Digital technologies are critical to a business’s ability to become more agile, increase profitability and better respond to customers. But digital transformation, like most processes, is an ongoing one and takes time and attention. Ultimately, to fully benefit from these innovative digital practices and tools while simultaneously ensuring cybersecurity, companies must be prepared to consistently plan and continually collaborate to increase transparency of their own and their third parties’ practices. I suggest business leaders ask themselves the following three questions to reduce this digital risk:

1. Who is “in charge” of managing digital risk? Are we relying solely on the CISO or does risk extend beyond silos? 

2. Are we extending digital risk management beyond the company, into our partner and vendor ecosystem? What tools does the organization have in place to detect and remediate risks outside the traditional perimeter? 

3. Does our CISO address security in terms of business risk? Do we measure the success of the security team in terms of business risk?

Organizations’ perimeters will continue to erode as their digital footprints expand, but with the right risk protection strategy any organization can succeed in the age of digital transformation.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.
