Security Challenges in the era of Digital Transformation
By Carlos Sousa, CISO, Affidea
Digital transformation is having a significant impact on technology, from data-driven decision-making, risk management frameworks, cloud adoption and mobility to the massive explosion of the Internet of Things, and the impact goes far beyond just deploying new solutions. Moving from “nice to have” to “need to have”, this will push the re-assessment of established business models and processes for organizations that want to drive innovation and better business outcomes.
As a result of this re-assessment, technological, strategic and cultural (behavior/awareness) changes will be required to enable the integration of business systems with IT, enabling strong data-driven decisions.
As organizations adopt new technologies and business processes, security issues are growing exponentially. According to the latest security report, “Security implications of Digital transformation,” 85 percent of CISOs said security issues during digital transformation had a “somewhat” to “extremely large” business impact.
I see the rapid adoption of new technologies, especially IoT and multi-cloud environments, increasing the attack surface and the number of entryways into a network or environment. That is why organizations need to have change management processes, lifecycle management, a risk management framework, integration across their security solutions, and complete visibility into user, system, and network behavior.
Digital Transformation in a Resilient Way
Various vendor and benchmarking organizations have stated that in the past two years the average organization has sustained an attack that resulted in data loss or compliance issues. However, it should also be mentioned that several organizations that experienced breaches did not suffer any data loss, compliance issues, or outages, thanks to prior preparation and a risk-driven security strategy.
When looking at the organizations that secured their data and prevented unpleasant situations, several approaches stand out as best practices:
• Integrate systems to create a unified security architecture
• Make sure you have the basics in place – patch management
• Share threat intelligence across the organization and with partners
CISOs, invest in building a meaningful and rewarding environment for your team; in the end, they are the ones making the difference.
Medical records are a hot commodity on the dark market, being one of the most sought-after assets in cyberattacks.
For us at Affidea, as a pan-European healthcare provider, the focus on patient and employee safety is key, and adopting these best practices is part of our guidelines. This enables us to embrace digital transformation while minimizing risk exposure and compliance issues.
“Being Compliant vs Being Secure”
Digital transformation created a focus on privacy protections and greater compliance requirements, while regulatory bodies have established more rigorous rules and guidelines to protect data privacy. I see a great opportunity for organizations to build trust.
Companies that can embrace and comply with this new legislation (e.g. GDPR) will send a strong message about protecting the data privacy rights of their customers.
Another big transformation that impacts the way the business is managed is the need to understand why being compliant is not the same as being secure.
Compliance does not equal security — it’s a snapshot of how your security program meets a set of security requirements based on a specific framework at a given moment in time. Without a complete and active security program working hand in hand with a solid compliance plan, any organization is at significant risk of being breached.
Cybersecurity versus Cyber-resilience
When we speak about cybersecurity, if we plan ahead and prepare, we can minimize risk and mitigate its impacts. When talking about electronic systems, it’s time to drop cyber-security and start talking about cyber-resilience. Being resilient means having the capacity to rapidly contain the damage and mobilize the diverse resources needed to minimize the impact on direct costs, business disruption or brand damage.
Going forward, security must be holistic and automated from the outset rather than pieced together over time because TRUST is Key!