Cyber footprints and cybersecurity have always been important for every enterprise, but, arguably, the stakes have never been higher than they are today.
Estimated reading time: 5 minutes
With data breaches making the headlines on a regular basis and even supposedly highly secure organizations like the US’ Department of Homeland Security and oil and gas company Colonial Pipeline falling victim to hackers, consumers are both more knowledgeable about cyber risks, and more anxious about your company’s ability to protect them. McKinsey reports that 87% of consumers said they’d refuse to do business with a company unless they fully trust their security practices.
Consumers have good reason to be anxious, because hacking attempts and cyber attacks have skyrocketed during the pandemic. One study found that COVID-19-related attacks drove phishing attempts up by 68% in 2020, and Risk Based Security’s research revealed a record 36 billion breaches in 2020.
Leaving aside the impact of the pandemic, some business figures fear that digital transformation itself has been increasing cyber risks. The more your business-critical operations move to digital, the theory goes, the more vulnerable they are to hacking attempts. Valid or not, many executives feel more secure when IT assets are hosted on on-prem servers rather than in the cloud, but avoiding cloud computing holds you back from the full potential of digital transformation.
But as long as you manage your digital transformation correctly, these fears can be calmed. Security experts claim that far from exacerbating cyber risks, digital transformation done right can actually be a powerful weapon against hacking attacks and data breaches.
Make it easy for employees to be security-conscious
Humans are the weakest link in any security endeavor, with 52% of CISOs agreeing that employees are the biggest threat to operational security. The way you manage your digital transformation will be crucial to whether your workers help strengthen your security profile, or undermine it.
For example, many enterprises limit the size of files that can be shared through workplace emails, but employees who need to share a large file may circumvent security barriers by sending it through their private email account, or use a free web-based file sharing service, which are rarely transparent about how and how long they store your data.
Security teams also enforce frequent password changes and insist on long, complicated passwords. While these are valuable security measures, the result is that employees who can’t remember their fourth password of the year often write it on a post-it note by their workstation, which undoes a lot of the benefit of the secure password.
Mitigate the harm that employees can do by offering organization-wide secure cloud file storage, for example, or inviting employees to use free password managers and implementing two-factor authentication for every device.
Take advantage of the experts
Many enterprises feel nervous about cloud-based “as-a-Service” solutions. Research by UK telecommunications firm BT and YouGov revealed that only 4% of participants would be open to cloud-based tools “as a service.”
But this is a mistake. Specialist cloud services generally have a far higher security profile than your in-house team can deliver, especially for smaller enterprises. Their business depends on trust, so they use the most advanced security tools to actively monitor every aspect of the infrastructure.
In the same vein, it’s important to adopt and deploy the strongest security tools possible for your own organization. Digitally transformed businesses should investigate and use new protective services, like smart firewalls, artificial intelligence (AI)-powered penetration prevention, and innovative threat intelligence services that use machine learning (ML) to predict and prevent attacks from new vectors.
Be suspicious of the right things
It often seems as though enterprise executives suspect all the wrong players. Many are reluctant to adopt digital innovations such as 5G networks, which have far more security baked into the technology than 4G infrastructure and are vital for edge computing which helps close off vulnerabilities that hackers can exploit.
And yet third-party app vendors often pass below the radar. According to research by Aravo, 22% of companies had suffered a data breach due to third party apps in the past 12 months. Third-party platform vendors should be scrutinised with as much care as that devoted to business partners, because that’s essentially what they are.
It’s worth bearing in mind that when companies fail to educate employees about the benefits and challenges of a digital culture, they open themselves up to the risks of shadow IT. Employees who are frustrated by new tools they don’t understand are a lot more likely to quietly select their own SaaS apps without consulting the IT security team, potentially creating an open door into your operations ecosystem.
Close loopholes in legacy software
Sometimes, enterprises carry out a half-baked digital transformation that creates more problems than it solves, and then blame any cyber attacks on the fact that they tried one at all. Legacy software and hardware are often full of vulnerabilities that make it easy for hackers to enter the system, and combining them with newer cloud tools does nothing to close the loopholes.
Legacy infrastructure and cutting-edge programs don’t always play well together, leaving cracks for malicious actors to exploit. Additionally, although software updates and patches do a lot to keep tools secure, there’s only so far they can go. After a certain period of time, it’s better to upgrade the entire software suite.
When managed carefully, digital transformation can not just make enterprises more profitable and competitive, but also help them to boost their security profile and deter would-be cyber thieves. Giving employees the information they need to protect your organization, applying the right cutting-edge tools and expert knowledge, replacing legacy software and hardware, and thoroughly investigating third-party vendors can help enterprises enjoy the benefits of digital transformation without falling victim to hackers.
What do you think of cyber and cybersecurity? Please share your thoughts on any of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network.
Last Updated on June 25, 2021.