5 ways Digital Transformation Officers can make cybersecurity a top priority
Dmitry Samartsev and Daniel Dobrygowski
Embracing new technologies defines a company’s competitiveness on the market today, its efficient operation and its future development. As businesses go remote, many of them transfer their valuable data to the cloud – experts predict up to 60% will be using external provider services by 2022. This allows companies to tune internal communications, process and store larger amounts of data and deliver more value to customers.
The Digital Transformation Officer (DTO) plays the key role in managing the strategic approach necessary to successfully undertake such transformations. Part of that success means managing cyber-risk. In fact, the World Economic Forum, in its guidance to boards of directors, recommends that organizational design supports cybersecurity. The DTO has significant responsibility in making sure this important obligation is met.
The need for effective cybersecurity is growing in parallel with the increasing digitalization of work processes. Over the past two years, many industries have seen a substantial rise in security incidents.
Unless a DTO pays sufficient attention to security, one incident may disrupt the whole strategy of a company’s transformation and future development, bringing enormous financial and reputational damage. For example, in 2021 the average cost of a data breach rose to $4.24 million, the highest in the past 17 years.
The main challenge for a DTO is not only to take a company to new heights through digital transformation, but to ensure that transformation is sustainable. This means she or he must ensure continuity of the company’s processes and not let a single cyberattack disrupt operations. With that in mind, cybersecurity becomes an integral part of every digital transformation strategy.
We recommend DTOs consider the following trends:
1. Securing digital assets
Moving to remote work revealed a lot of challenges and new risks – one in five companies were not ready to ensure stable business processes in case of failures in their IT infrastructure. To stay on the safe side, a DTO should manage a detailed inventory of digital assets. This will point out the most important resources that require protection first, be they data, network repositories or workplaces; it may also reveal a wide range of unaccounted-for assets that could appear during digitalization. BI.ZONE research shows that 60% of data leaks and 85% of network compromises are linked to such assets. These incidents may disrupt the company’s daily operations. To avoid that, digital assets need to be accounted for and secured.
2. Cloud security
Moving to the cloud offers companies significant flexibility as well as potential security benefits. Still, there are certain challenges, most commonly when a company becomes dependent on only one cloud service provider, e.g. due to specific data storage formats. In the event of vendor lock-out – if the service provider goes bankrupt, leaves the market, or suffers a cybersecurity incident itself – all the company systems in the cloud will be unavailable. In light of these challenges, the DTO needs to have a deep understanding of how their company is using and securing the cloud. It is important to learn in advance what solutions and formats the supplier uses and how compatible they are with the formats used by other vendors, and to assess the supplier's level of cybersecurity. A DTO can arrange this internally or hire third-party IT experts for help.
3. Developing skills to operate novel technologies securely
Recognizing the human factor in digital transformation may offer significant benefits. Digital transformation requires new skills from both technical and non-technical specialists. Human mistakes and lack of knowledge often lead to cyber-incidents, notwithstanding a company’s investments in expensive security measures. BI.ZONE research shows 80% of successful cyberattacks utilize social engineering methods. Therefore, a DTO can reduce the risk of incidents by promoting regular training for every employee and top management on how to work safely in the new digital reality.
4. New approaches to cyber-incident management
If any crisis strikes, the company should be ready at all levels to keep operations going. A DTO should work closely with the company’s Chief Information Security Officer (CISO) to improve and regularly update business continuity and incident response plans, and to promote regular crisis-management training for all company members, including the board. It is also important for a DTO to be aware of the latest trends, and to test and introduce new methods of incident management. For example, there are managed detection and response services that take a proactive approach to threats, or threat intelligence for building better security. Smooth introduction of these approaches may require specific experience and expert supervision.
5. Outsourcing cybersecurity tasks
As digital transformation is an ongoing process, these tasks are complex, require substantial investments and may turn out to be rather difficult for a company to deal with. Besides, businesses are facing a deficit of qualified personnel – the global shortage of cybersecurity specialists has hit 3 million. Today there are expert organizations that help companies go through digital transformation securely. They possess the required experience and capacities, the expensive equipment and software, and are aware of the trends within the field. They can also help to address cybersecurity issues and avoid common mistakes.
Digital transformation is a challenging but manageable task. It is important for a DTO to work as a team with the CISO, senior leadership, and the board and to keep up with the rapid changes in business and technologies. Addressing all the elements in a cross-functional way and prioritizing cybersecurity will facilitate secure digital transformation and ensure your company’s stable development for years to come.