What is the relationship between digital transformation and cybersecurity? Is cybersecurity helping or hindering the acceleration of digital transformation? Are the two topics related, or are they merely orthogonal, in the modern enterprise?
Let’s start at the beginning. The term ‘digital transformation’, often referred to a simple DX, likely sounds familiar because it has been widely used since the 1990s. Over time, its implied definition has changed. Today, Gartner defines digital transformation as “the process of exploiting digital technologies and supporting capabilities to create a robust new digital business model.”
That definition is a bit of mouthful; let’s unpack it. The process of ‘exploiting digital technologies’ is self-evident. However, the key is organizations have to continuously invest and innovate in new digital technologies because technology changes so fast. Think back ten years and you might pat yourself on the back with how advanced your technology stack was. But if you remained stagnant, you would today not be using the cloud, tablets, smartphones, smartphone apps, smart cars, streaming media, social media, IoT, AR/VR, etc. The concept of creating a robust digital business model may be a bit elusive, but the risks of not doing so are clear according to McKinsey “Our research and experience show that businesses that are slow to digitize struggle to remain competitive.”
Thus, it is not surprising the leading analysts and C-Suite executives alike think that digital transformation and cybersecurity are inextricably intertwined. As Forrester Research writes, “As businesses become more digitized and interconnected, the impact cyberattacks have on brand value, customer trust, and physical safety increases.” That analyst views was validated by a 2018 survey of 300 security leaders commissioned by networking vendor Fortinet. Their survey found 92% of CISOs said DX has a large impact on business and 85% said that security is the biggest challenge to DX efforts.
Here are some examples of where advances in digital transformation are increasing the risks for cybersecurity.
More Opportunities for Attacks
With the growth of applications, big data, artificial intelligence, multi-cloud, etc., so too have the opportunities for hackers, attackers and other bad actors to do bad things. The breadth of attacks vectors – the attack surface as it is called – has increased substantially with the growth of digital transformation making it more difficult to provide countermeasures. The increased attack surface means that hackers can infiltrate an organization’s environment, move horizontally or laterally through it, or linger for months watching and waiting until the optimum time to strike. The latter example, known as an Advanced Persistent Threat (APT), is particularly difficult to detect and mitigate.
The Dollar Cost Impact in Increasing
With an ever-growing attack surface, the financial liabilities have also increased. According to a 2018 research study by IBM Security and Ponemon Institute, the average cost of a data breach is $3.86 million, up 6.4 percent from last year. The average cost, globally, for each lost stolen record containing sensitive and confidential information is also up from last year, at $148 per record which is a4.8 percent increase from 2017.
Public Safety at Risk
Of course, not all attacks can be quantified in monetary terms. But the disruption to business and government operations are potentially more damaging when the public good is put at risk. For example, Greentech media reported Russian hackers obtained access to the U.S. electric grid last year by penetrating the networks of key vendors that service power companies. Officials said that hackers working for Russia could have caused blackouts in a long-running campaign to get inside U.S. electric utility control rooms, the Wall Street Journal was first to report. The Department of Homeland Security (DHS), said that attackers “got to the point where they could have thrown switches” and disrupted the grid.
Containers, Kubernetes, Serverless, Multi-cloud technologies, etc., have accelerated the rate that enterprises can innovate, create new products and services, and otherwise engage customers. But these rapid changes, the eventual goal line of digital transformation for modern organizations, makes it challenging to keep up with the security landscape. Clearly, digital transformation comes a greater reliance on digital data systems which are targets for bad actors. A digital transformation strategy needs to incorporate a robust and actionable cybersecurity strategy, as these two concepts are very much married at the hip.
Share this Post