An IT decision maker’s most important role is to oversee and strategically direct digital transformation efforts. In fact, according to IDC’s 2019 Digital Business Research, 91% of organisations have adopted, or have plans to adopt, a “digital-first” business strategy.
The top objectives for digital transformation include: creating better customer experiences (67%), improving process efficiency through automation (53%), and driving new revenue (48%). Fulfilling these objectives will result in massive amounts of data, adding unprecedented complexity and risk to the business.
For Chief Information Officers (CIOs), this adds pressure to reframe their position on security in order to succeed in this digital era. So, what can be done to overcome these challenges and protect the business?
Security must not be an afterthought
While the focus is on generating revenue and business growth, security needs to follow every organisation’s digital transformation as closely as possible. Like technology, the approach to security must be collaborative.
There needs to be a paradigm shift to ensure that the security side of information technology gets a seat at the table and is included in all business decisions.
While security and compliance costs can be a barrier, especially when adaptation is required, it’s crucial for CIOs to recognise that the right level of investment is necessary. Otherwise, business outcomes will be far worse than the initial cost of security.
Consider the barriers
Implementing a successful digital transformation means overcoming barriers, such as an insufficient digital vision and strategy, and not being hampered by data privacy and cyber security concerns.
Admittedly, the cost of data privacy is higher today than in previous years, due in part to new and growing compliance requirements, but do these security concerns have to be barriers?
Data privacy and security should be considered an enabler to any digital transformation. While security and data privacy practices must be maintained regardless of initiatives, it’s important to bear in mind that a shift in focus on how sensitive data is anonymised is likely. Intelligence, like Personally Identifiable Information (PII), will become even more expensive to maintain compared to traditional data.
Incorporating fundamental practices like two-factor authentication and vulnerability patching will become even more integral to overall security hygiene.
The Cloud and Internet of Things (IoT) are helping businesses to accelerate the pace of innovation, driving greater productivity and efficiency, and capitalising on new economic models.
However, the associated technology can cause significant disruption. For example, the introduction of bring your own device (BYOD), smart offices and internet-facing back office systems has revolutionised the way CIOs work, as well as the impact they have on an organisation.
This revolution is changing IT, moving the department away from a purely operational overhead to a centralised revenue-generating function critical to the business.
More organisations are adapting and utilising this type of centralised revenue strategy, cognisant of the large amount of risk this strategy brings.
A Dell Technologies survey highlighted that 48% of business leaders believe that the more dependent we are on technology, the more we have to lose in the event of a cyber attack.
In addition, there are several systems that were not designed with the internet in mind. For example, the legacy systems in banks and financial institutions were not intended to be IP accessible from the internet. When these systems are inevitably brought online, they introduce a higher security risk.
Consequently, security risk is heightened by the countless number of tools available to people in order to improve efficiency.
Some carry out activities independently, using openly available development and runtime environments sanctioned by IT, to create new business applications.
However, these people typically lack understanding of security best practice and unintentionally create insider threats and an even greater headache for the CIO.
Containing security threats
Threat prevention is of critical importance, as reflected in most organisations’ abundant investment in security controls and processes.
However, threat prevention on its own is not enough.
Cyber threats can bypass defences, compromise IT assets and lead to extensive damage. In addition to threat containment, organisations are investing in threat detection and response software that includes Artificial Intelligence (AI) and Machine Learning (ML) detectors to help improve situational awareness across the business.
One of the biggest security challenges of the digital era is automating the remediation of threats in a way that continually drives more efficiency, shortens cycle time, and decreases the cost of remediation.
This can be achieved using an advanced solution that monitors activity across Cloud, network, endpoint and business devices. With this type of solution, CIOs can fast-track detection and response with software-driven responses for common containment use cases, reduce false positives, and focus limited resources on defending against real threats.
For organisations in the midst of digital transformation, CIOs need to source innovative solutions to protect the business, while creating a solid strategy for people, processes and technology aligned with the business’ strategy.
At a time when the most successful enterprises are increasingly digitally native, the CIO will continue to play a central role in corporate cyber protection.
This article was written by Cyber Collective Partner Secureworks’ Ian Bancroft, Vice President and GM EMEA