In this age, technologies such as big data analytics, Artificial Intelligence, Machine Language, the Internet of Things (IoT), blockchain, and mobile computing are reinventing the way organisations handle everything from decision making to service delivery. The automation of virtually all business processes and the increasing digital connectedness of the entire value chain create agility, but they also significantly raise cybersecurity risks and threat levels.
The key to addressing those risks and threats is building security into applications, as well as into interconnected devices, by using Security by Design right from the start.
The cybersecurity issues raised by digital transformation are driving the need for a better understanding between the organisation’s cybersecurity professionals and those who provide application security.
When an organisation promises to deliver the value of digital business to customers, it is often the case that security professionals are not present when critical decisions are being made. Without security professionals in the room at the right time, organisations are exposing themselves to critical business risks that could damage the brand.
At this point, those working for small and medium-sized enterprises (SMEs) and public-sector organisations may question the relevance of this article to their circumstances. Many may think that the digital transformation talk only applies to elite multinational businesses or aggressive start-ups. The truth, however, is that customers, partners, and other stakeholders have come to expect a “Fortune 500” quality of experience from all organisations – public and private – with whom they conduct business.
Furthermore, organisations increasingly look beyond their own walls to consider the quality of the cybersecurity programs employed by their suppliers, service providers, and business partners. Today, widely publicised security breaches, from attackers exploiting the weak security posture of a local karaoke chain to attacks on the healthcare eco-system, weigh heavily on the minds of organisations dealing with third-party suppliers. Cybersecurity has suddenly become the priority of every organisation in an increasingly hyperconnected economy.
Digital transformation covers a number of key project areas including:
Hybrid cloud, containers and virtualisation projects, taking advantage of the cloud and virtualisation to drive cost savings, flexibility, and business continuity planning;
Customer experience and analytics, with projects aiming to harness the power of business intelligence utilising big data analytics;
Digital infrastructure projects which use a combination of data and analytics to unlock key business information and drive growth; and
Nurturing tomorrow’s workplaces – assimilating mobility, communications, and collaboration.
The above projects are complex and costly, and they have interdependencies and inherent risks associated with them. However, when managed and executed well, they will contribute to building a resilient business – one that can protect its assets from cyber threats and respond quickly to attacks. Managing them well means embedding cybersecurity from the outset, which will result in a more integrated way to manage broader business resilience.
Despite all the talk about cybersecurity capabilities being built in versus bolted on, security remains an afterthought for a vast majority of digital transformation activities such as mobility, cloud services, and customer experience programs. Too often, security is seen as slowing down a project rather than enabling its success, and with time pressure to get a project up and running, the lack of sound security considerations is a problem for organisations striving for true business resilience. With the increasing regularity and publicity of cyber attacks, businesses must realise that their customers are more aware of cyber issues than ever before, making embedded security a critical competitive advantage.
Integrating cybersecurity processes from the outset can strengthen digital transformation projects. As organisations are at different stages, they need to work with the right experts to navigate the options available to them, no matter which stage they are at on their journeys. Choosing the right team of experts to tightly integrate cybersecurity into your digital transformation projects will enable you to:
Address risk management through an integrated approach using a combination of consulting services, managed security services and technical security – to enable you to identify and control risks;
Reduce the complexity of your security architecture and operational model;
Add value to the digital business planning team to help them build resilience into the project, by assessing business risk and procedural controls;
Prioritise areas of critical business risk;
Write a cyber resilience plan using language that the business will understand;
Create greater customer satisfaction, loyalty and trust among your stakeholders;
Tightly embed seamless security, without delay to project timescales, allowing businesses to be quick to market; and
Develop an integrated approach to cybersecurity to reduce your organisation’s risk footprint.
In order to help the stakeholders prioritise investments, align them with business objectives, and keep ahead of regulatory and compliance pressures, they need to understand the cyber defence maturity level of the architecture. The other angle is to implement applied threat intelligence into the organisation's security vehicle to ensure that IT is resilient against the latest threats. With such controls in place, the organisation may then seamlessly protect its environment from adversaries looking to exploit vulnerabilities, as the stakeholders transform the digital assets.
Cecil Su | Director, Technology Risk Advisory | BDO LLP
Cecil leads the Cyber Security & DFIR unit for BDO Advisory. He currently leads various engagement teams on diversified advisory, security testing and incident response projects across vertical industries. His current area of focus is in IT Security research and security testing. He is a trusted security advisor and has been involved in a variety of security assurance services helping clients go beyond compliance, government regulations, and corporate initiatives resulting in better protection of their critical information assets.