Digital transformation, also known as the Fourth Industrial Revolution (4IR), has been gathering steam since early this decade. According to a PwC report, companies invested nearly US$650 billion in 4IR technology since 2012.
As more and more organizations undergo digital transformation, cybersecurity challenges underpin many of the decision-making processes. At a recent cybersecurity executive summit in London, several leading experts, security consultants, and industry analysts shared their thoughts and insights into the ever-present cybersecurity concerns that go hand in hand with rapid transformation efforts.
Priorities. One of the challenges companies face with digital transformation is that security often is less of a priority than it should be. “Security concerns are frequently more of an afterthought,” said Inga Schorno, head of information security for the UK-based Tandem Bank. “Instead, companies should be having security conversations right from the start. When we talk to our customers, we ask, ‘Why are you transforming in the first place? What is your objective?’ That allows us to identify and address the risks, so we can help them take steps to ensure things are done in as safe a way as possible.”
Data protection. Protecting data is one of the biggest issues companies grapple with as transformation initiatives move forward. “At Cisco, we are very focused on making sure our customers can securely grow at scale, whether it’s 5G, IoT solutions, or a multicloud environment,” said Lorena Marciano, EMEAR data protection and privacy officer for Cisco Systems. “Part of our mission is to make sure the data our customers entrust with us is secure.”
“Companies need to move fast, but at the same time protect data appropriately,” added Bridget Kenyon, Global CISO for Thales eSecurity. “People are constantly coming up with brilliant ways to improve efficiency or cut costs using cloud services, for example. But you have to do your due diligence right at the beginning. The idea of just diving into the cloud without thinking about the business context and what you need to protect is, simply put, dangerous.”
Speed. Companies also need to have a good understanding of how the speed of transformation will impact their business and affect decision making, according to Michael Fieldhouse, social impact practice leader at DXC Technology. “It’s important to work together with IT or security operations to fully understand the pros and cons of moving forward,” he said.
Scale. Another hurdle many organizations must overcome is how to match cybersecurity with rapid growth. “As companies scale, it becomes harder to manage the joiners-and-leavers process,” explained Nic Miller, founder of cybersecurity firm Aedile Consulting. “A small company may have 20 employees, each of whom has 20 cloud accounts. That means managing 400 accounts. What happens when someone leaves? Who actually makes sure they’re locked out? And what happens when the company grows to two, three, or four hundred employees? With cloud proliferation, it becomes an unmanageably large problem to solve. For this reason, it’s important to have processes in place as you grow, and also to consider the security of cloud providers, ensuring they are able to manage and secure their own accounts.”
Employee buy-in. Successfully adopting new technologies and processes requires that organizations consider the impact on employees. “Many companies don’t get employees involved soon enough in the digital planning process,” said John Childress, chairman of Cultursys, a UK-based company that helps its clients reduce risk by using culture analytics, behavior analytics, and system modeling to transform their business. “It’s important to get them involved in the planning for digital transformation early, to determine if they can actually utilize new technologies and processes effectively and whether they understand them.”
Artificial intelligence. Tom Ilube CBE, CEO for Crossword Cybersecurity, a cybersecurity technology and consulting firm also based in the UK, believes artificial intelligence (AI) poses one of the biggest challenges over the next five years. “As AI becomes part of the way organizations do business on an everyday basis,” he warned, “so too will the proliferation of attacks on AI-based systems. Let’s say your company is making decisions based on the way a particular AI algorithm works. Now suppose an attacker figures out a way to manipulate that AI so that it behaves differently. Since it’s a black box and you don’t even know how it’s supposed to behave, this sort of vulnerability could cause companies some serious problems.”
Every revolution has its threats and challenges, or they wouldn’t be called revolutions. The participants poised to triumph are those who evaluate the risks and plan their mitigations in advance.
David Pitlik is a long-time technology and business writer and frequent contributor to NETSCOUT’s blog.
Note: The information above is based on interviews conducted at the June 2019 WSJ Pro Cybersecurity Executive Forum by Wall Street Journal reporters on behalf of NETSCOUT
Watch interviews with WSJPro Cybersecurity Executive Summit attendees here.