What digital transformation means for cyber security
Since the year 2000, 52% of Fortune 500 businesses have gone bankrupt, been acquired or ceased to exist as a result of digital disruption. Today, if an organisation is unable to keep pace with digital disruption its very existence is at threat. What’s more, unlike many previous business challenges, digital transformation is not a one-off event. Rather, it’s an unfolding process that changes over time as new technologies emerge that lead to new business models and modes of differentiation.
As Accenture, a management consultancy, puts it: businesses are operating in an environment that can be thought of as ‘post-digital’ – not because digital transformation had concluded, but because it is now simply the price of entry into any given market. Firms must now differentiate through continual transformation and look to meet customer demand moment to moment.
It is therefore of little surprise that the vast majority of organisations –in both private and public sectors – are pushing ahead with ambitious transformation plans. In a recent Nominet survey of cyber security professionals, 100% of respondents said their organisation was either developing, implementing or completing a digital transformation strategy. Digital is now the only game in town.
The security conundrum
Digitally transforming an enterprise to a point where it is capable of continual innovation is a huge prize, but it also brings with it a range of challenges, particularly when it comes to cyber security. In the digital age, organisations can no longer hide behind the security of their perimeter walls. Instead, they must open up digitally to partners, suppliers, IoT devices and even competitors in order to create the seamless, customer-centric services people increasingly demand.
It’s a necessary process, but clearly one that’s keeping enterprise security teams awake at night. According to one 2018 study, 85% of Chief Information Security Officers believe that security issues stemming from digital transformation have a ‘somewhat’ or ‘extremely’ large effect on their companies. This aligns with our own research, which found that security professionals are more likely to select cyber security as one of the top three risks of digital transformation – ahead of concerns such as budget (41%) and having a technology infrastructure that’s too rigid (40%).
More digital means more risk
The challenge facing organisations is that as a greater number of applications and systems move into then digital world, the more opportunities there are for cyber criminals to find vulnerabilities. Similarly, as organisations become more reliant on data and interconnected systems spread across partner ecosystems and supply chains, the damage caused by a system take-down or other security-related disruption is much bigger than at any time in the past. And, of course, businesses are also facing increasingly severe financial penalties for data breaches through regulations such as the General Data Protection Regulation, the EU’s flagship data law that imposes non-compliance fines of by to 4% of turnover.
In the context of the latter, it’s understandable that the majority (60%) of the security professionals we spoke to said that the exposure of customer data is their key security concern around digital transformation. However, other key challenges such as the increasing sophistication of cyber criminals (56%), the increased threat surface (54%) and visibility blind spots (44%) also scored highly. With digital transformation and security, it seems, there are as many threats as opportunities.
When is the right time to think about security?
As with all major technology shifts, the issue of cyber security in digital transformation initiatives requires sound risk management. Doing nothing isn’t an option; a business that prioritises security over connectedness and digital innovation will quickly fall behind the market. Conversely, a firm that transforms but fails to adequately protect its digital assets will lose the trust of customers and also fall behind. Indeed, according to one UK study, as many as 66% of consumers would stop doing business with a brand following a data breach.
In light of how much is at stake, you would think that security would be the first and last consideration of every digital transformation practice, but in reality, this isn’t always the case. In our survey of enterprise security professionals only around a third (34%) said that their organisation considered security from the outset (i.e. when developing their digital transformation strategy). For the remainder, security either was addressed during the pre-implementation stage of the initiative (28%), the implementation stage (27%) or even post-implementation of the digital transformation strategy (9%).
Retrofitting a security response
While considering security from the outset might be considered best practice, it is by no means the only way businesses can ensure they have in place the right security posture to protect their organisation as it digitally transforms.
Indeed, the very fact that an organisation has digitally transformed makes it well placed to further leverage digital technology; in this case to enhance security. This is because digitally transformed companies find it easier to connect with external partners and integrate third-party capabilities into their in-house systems. These businesses will be able to quickly integrate the security tools they need, while drawing on an ecosystem of security partners with expertise, skills and industry knowledge. Significantly, thanks to the adaptability and flexibility of modern, digital enterprises, new security capabilities can be integrated rapidly, at low cost and with minimal disruption to ‘business as usual’.
How Nominet can help
Through our NTX platform, we provide enterprises with a way of reducing risks on their network and eliminating threats before they cause harm, regardless of where they are in their digital transformation journeys.
We do this though the analysis of DNS traffic. Often overlooked in the security stack, DNS traffic is a critical source of enterprise information that can be used to check for threats and monitor the health of a network. NTX analyses network DNS traffic for both known and unknown threats. Embedding our patented algorithms means we eliminate threats from the network and identify zero-day activity not seen by traditional methods of detection. This narrows the window when malicious activity can compromise your network.
Significantly, the NTX platform can be installed at any point in a digital transformation project and deliver the same immediate protection to devices, systems, and data. This can be exceptionally useful in cases where it has not been possible to consider security at an earlier stage. With NTX, firms can backfill their security holes and ensure that they can move forward with their transformation initiatives while reducing risk.
Case Study: Haas F1 Team
Haas F1 Team CIO, Gary Foote, talks about the digital transformation journey and the risks associated with it in the video above.
One of the key points is that NTX’s protection is applied immediately, so it can be deployed late in transformation projects as well as being designed in from the start. All networks use DNS extensively, so NTX protects any device as soon as it is connected, regardless of operating system or purpose.
In fact, one imperative of the Haas F1 way of working is to allow staff to connect their own laptops, tablets etc. (a ’bring your own device’ model, or BYOD). The NTX implementation quickly found previously unknown malware on some of the personal Android devices that had been brought in.
To find out how your business can have the same fast, immediate protection that Haas F1 now enjoys, arrange your no-obligation demo today.