Cyber Security Risk in the Digital Transformation Age
For most businesses, the journey into digital transformation has already begun. Whether in the process of implementing or in the process of planning, cyber security should be a top consideration with every new application and solution adopted.
Digital transformation gives businesses the ability to perform in a more agile way, make more informed data-driven decisions, leverage cloud technology, mobility, and explore the many opportunities that new technology — such as AI, big data analytics and the Internet-of-Things (IoT) — presents. The benefits are obvious and highlighted everywhere, but with greater connectivity, comes greater risk. However, there seems to be a concerning disparity between the increasing investment we see in emerging technology and the minimal investment going into cyber security.
With new regulations such as the Australian Government’s Notifiable Data Breaches scheme, and the EU’s General Data Protection Regulation (GDPR), cyber security is now an organisation-wide challenge that should be sitting at the very top of every business executives agenda.
Security Challenges that Accompany Digital Transformation
Transforming into a successful digital organisation is an unavoidable goal for any business wanting to operate in the modern world. The people want the best solutions, and it is digital transformation that will allow businesses to provide them with the best services possible. The challenge, however, is that as the reliance on technology has increased, so too has its ability to cause more significant damage. With more apps, platforms and programs, the attack surface has expanded, opening up more routes for hackers to penetrate.
According to the Telsyte Cybersecurity & Privacy Study, 2018, 20 per cent of organisations in Australia and New Zealand have experienced at least one breach across key emerging technologies. Those included:
- Cloud computing – 29 per cent
- IoT – 27 per cent
- Big data analytics – 28 per cent
- Blockchain – 25 per cent
- Artificial intelligence – 21 per cent
As demand increases for new technology, businesses need to be acutely aware of the risks surrounding adoption. Playing defence with hackers is a losing game. A strong offence is essential in cyber security. Otherwise, businesses can find themselves paying significant ransoms, with no real guarantee of security.
Costs of a Cyber Security Breach
If you are one of the many organisations not currently investing in a thorough cyber security strategy, you may be doing so with the thought that a breach is unlikely to happen to you and it surely couldn’t have that big an impact in the event it did. Allow us to shed some sobering light on the actual situation.
In 2018 alone, more than five billion data records, including corporate passwords and email addresses, were exposed and compromised. Fortune 500 companies, those you would expect to be leading with cyber security initiatives, are being hacked every week, and every day it is happening to SMEs. No one is immune.
While we hear about these cases all too regularly, the news tends to focus on what the user or customer has had exposed, rather than what the breached business has lost. Impacts of an online security breach go well beyond exposing customer data and can cause significant reputational damage (as we see currently with Facebook), plummeting share values (also Facebook), steep penalties and fines (again, Facebook), and insurance payouts.
In 2018, two of the UK’s largest brands — the Marriott and British Airways — suffered security breaches which saw attackers steal upward of 339 million user records. Both businesses faced a lot of negative PR, loss of brand credibility, reduction in customer faith, ransom costs which went to the hackers, and monumental fines by the ICO for being found in breach of GDPR – £100 million for the Marriott, and £183 million for British Airways. It is only a matter of time before the same penalties are applied to Australian businesses.
No matter the size and earnings of your organisation, a security breach can cause irrevocable damage to the reputation and financial stability of your company. It is essential to take proactive measures rather than waiting for a security violation to motivate action.
Emerging Cyber Security Trends
With action in mind, you should by now be wondering what can be done to prevent cyberattacks and safeguard your organisation. Considering all the bad news, it may appear there is no hope against the efforts of hackers, but thankfully, this is far from true. Cyber security is an advanced field with solutions and services that can drastically reduce risks and catch breaches before any damage can be done.
It is possible for businesses to digitally transform while staying secure in the process.
Businesses can safeguard their digital information by:
- Integrating security systems to help improve visibility into a network
- Building security into any new applications and platforms
- Providing periodic training to staff across the organisation so that everyone is aware of how they can keep information secure
- Performing regular penetration testing to look for any potential vulnerabilities and thus opportunities to improve security
- Automating cyber security practices to monitor for threats and expand cyber protections
- Sharing threat intelligence across the organisation so that everyone can take steps to minimise risk.
Risk officers need to invest in governance, risk management and compliance (GRC) programs to take a proactive stance against a breach.
Successfully Securing Digital Transformation
Considering the steps above, organisations going through a digital transformation need to approach it as a business-wide initiative. It should be driven business-wide, with all parties — from marketing through to customer services, finance and IT — working together on the company-wide strategy and that strategy should include security.
Businesses who lack cyber security skills internally should engage third party services to ensure that security precautions are implemented and maintained effectively. These experts can be used to coach the business on how best to train staff and take steps to keep information secure while successfully executing your digital transformation.
Cyber security is the responsibility of everyone involved in your digital disruption.