Is digital transformation a victim of COVID-19?

Cybersecurity risks must be addressed, if you wish to go forward.

The COVID-19 pandemic and increasing digital transformation efforts further threaten organizations’ systems, applications and data security.  What more can you do to protect yourselves?

Digital transformation initiatives and projects are underway in a majority of organizations, as leaders look to use digital technologies to create new — or modify existing — business processes, culture, and customer experiences to meet changing business and market requirements. They are working to reimagine their businesses in this digital age.

Financial services companies such as credit unions and banks place much of their digital transformation focus on service delivery and customer experience, but enterprise-wide processes, including back-office processes, are impacted too and are getting increasing attention.

Now, however, the COVID-19 pandemic is putting growing pressure on organizations to expand their digital transformation efforts to include work from home (WFH) processes to allow for continued operations in a “social distancing” environment.

But WFH means many more endpoints and many more “inadequately secured” network access points. With the use of video conferencing tools like Zoom, Microsoft Teams, and Google Meet growing, and with the use of less secure network connections growing, there are security implications that chief information security officers (CISO) are rushing to address – especially for their remote employees, as an increase in collaboration application usage and remote access means a larger attack surface for threat actors to target.

Cybersecurity risks and resistance to change are among the biggest digital transformation challenges to businesses.

According to the UK’s Nominet (a cybersecurity firm providing threat detection and prevention solutions) CISOs, CTOs, and CIOs see security as the number one challenge to moving forward successfully with their digital transformation initiatives.

Of the 274 CISOs, CTOs, and CIOs recently surveyed, Nominet found that cybersecurity risks led the way in topics that trouble IT leaders.

Top concerns of CIOs, CISOs, and CTOs when it comes to digital transformation projects:

  1. Increased cybersecurity risks (53%)
  2. Rigid technology infrastructure (40%)
  3. Legal, risk management and/or compliance concern (36%)
  4. Budget (34%)
  5. Resistance to change/risk aversions (32%)

It’s no surprise that cybersecurity is the top challenge to digital projects.  Respondents listed their top security concerns as exposure of customer data (60%), cybercriminal sophistication (56%), and increased threat surface (53%).

“With digital transformation you have to be sure that when you’re bringing in new applications, security is considered from the outset,” Nominet’s CEO shared in a press email. “More than this though, in a digital transformation project, the real trick is to manage the security considerations of legacy and new applications simultaneously.”

But the pressure is on enterprise security teams to deliver.

“We saw 2 years of digital transformation in 2 months”, Satya Nadella, Microsoft CEO.

“Enterprises’ cybersecurity teams are in the midst of an intensifying storm: Technology challenges are growing more complex, and the speed of business continues to increase along with the number of cyber threats companies are facing”, said one chief security officer responding to the survey.  He went on to say “Security is being put under immense pressure to keep up, and if it doesn’t, we’re the ones to blame. We need to keep up or we just get left out.”

Now is the time to address rigid thinking, narrowly focused budgets, and the security compromised by them.

In a previous article, we discussed the difficult, ongoing task CIOs and CISOs face working to protect their environments from malicious malware.

The difficult, ongoing task remains. Unfortunately for CIOs and CISOs, WFH and other broad network access initiatives are making the environment even harder to protect.

So, what can you do?  Well, as discussed in the previous article, you can work to broaden your focus, to include a vision that promotes “stopping malicious malware from working once it lands in your environment.” Again, why? Well, because none of your AV software, your whitelisting solutions, or your dreams of artificial intelligence/machine learning superspeed solutions can deliver certainty that you will not be violated, at great financial and reputational cost, by sophisticated criminals using fileless malware.

Digital transformation is not going to stop, or slow down.  It will not be a victim of the current pandemic. But your organization’s online digital behavior is changing and your work going forward should and must include addressing the “blindspot” in your cybersecurity. You will be more vulnerable than ever because of your larger attack surface and you must do more than fight to keep the gate closed or rush around to monitor your network. You have an opportunity to stop the worst of malicious malware in its tracks – you need only abolish rigid thinking and too narrowly focused budgets (focused on “more of the same”) to inoculate your organization from the compromised security too many companies have simply surrendered to.

Greg Crandell

Greg Crandell

Greg Crandell provides strategy, market planning, business development, and management consulting to financial technology firms and their clients – Credit Unions and Banks. For more years than he wishes to admit, ... Web: queryconsultinggroup.com Details