Digital Transformation and Cybersecurity: It is Everyone’s Concern
The transition from working primarily from the office to working from our dining tables at home, from serving customers face-to-face to serving them online, forced many companies to rapidly effect digital transformation programmes. As the rate of digital transformation grew, so did the vulnerability to cyber attacks. Staff in a company will often assume that it is the job of the IT department to ensure the safety of the company. In fact, the job of keeping a company’s digitized functions safe from attack has to be devolved across the company, particularly during a digital transformation process.
Sources of Cyberthreats in the Digital Transformation Process
There are as many cyber threats as there are businesses and digital innovation processes. Here are a few:
- Third-party services such as cloud solutions, artificial intelligence (AI), process automation and Internet of Things (IoT) can form a prominent part of an organisation’s digital transformation plan. However, it is through these very third-party solutions that hackers can gain access to business secrets and other sensitive data. (CyberSaint Security) The potential threat to value chains and other parts of the business is inestimable.
- Ransomware allows hackers to encrypt confidential or otherwise sensitive data or trade secrets and threaten to expose them on the public internet unless a large sum is paid, usually in cryptocurrency. This kind of attack most often affects government, banking, manufacturing, healthcare, finance, education, technology, food and beverage, oil and gas as well as insurance. (Bangkok Post) No sector is safe.
- Misalignment between security teams and C-Suite executives. In order to achieve growth, teams must take some risks. This can create conflict between the business leaders and IT staff, where security teams are not brought on board with the digital transformation process early enough and where the funds required to provide adequate security are not made available.
- Humans are the weakest part of any organisation’s security infrastructure, according to Robert Kress, Managing Director at Accenture. Malicious insiders, phishing and social engineering attacks continue to pose a real threat.
How teams can take charge
It all starts at the top. C-Suite executives and digital transformation officers (DTOs) must make cybersecurity a priority right from the inception, in terms of setting aside financial resources and communicating digital transformation goals early in the process. This will allow IT teams to develop an enabling attitude. Rather than saying no to every risky experiment, they can evolve to understand the teams’ goals and say instead “Let’s see how you can do that safely”.
Aside from ensuring that the IT team is up to date with the latest cybersecurity threats, Robert Kress advises training all staff (operations, legal, human resources, etc.) on cybersecurity and how they can be security-first people. Kress suggests gamification techniques, featuring a company-wide leaderboard and a system of rewards, to encourage staff to implement security measures.
Kress also suggests training security champions across the organisation who can act as advocates for security practices, and provide feedback to the central IT team on the effectiveness of security measures. The board, Kress says, must lead the way in being security champions.
A failure to prioritise security threats will scuttle even the most carefully implemented digital transformation programme. However, given that it is staff who constitute the weakest part of any security infrastructure, it cannot be solely the job of IT professionals to prevent costly data leaks during a digital transformation process. All parts of the organisation must be involved from the beginning.
Qhala complies with industry cybersecurity standards when it comes to building and deploying software and data products. We implement up-to-date security policies internally and we evaluate our vendors thoroughly. We take the time to understand their security requirements and follow their guidelines, especially when it comes to security in the cloud.