Rushing digital transformation may help enterprises survive the pandemic, but only if the accompanying rise of cyberthreats is also strategically-addressed.
Intricate digital transformation processes may already have been in place before COVID-19 struck, but across the duration of the pandemic, the timelines of these plans were greatly-accelerated as social distancing measures came into place. In order to reach out to customers, businesses had to explore digital means, such as online websites or apps to make up for restrictions on physical contact.
Digital transformation (DX) has provided customers with better, more-personalized experiences and conveniences. Likewise, for businesses, going digital provides benefits such as more-efficient work processes, and helps businesses reduce their environmental impact. DX also removes geographical limits, allowing businesses to operate across borders with fewer impediments.
However, moving away from the benefits, digital transformation also comes with risks that need to be addressed. The McAfee Labs COVID-19 Threat Report has found that the uptick in digital across the COVID-19 pandemic was accompanied by a 630% increase in external actors targeting cloud services, with the greatest concentration on collaboration services like Microsoft 365—tools essential for remote-working. A separate survey had also found that phishing and distributed denial-of-service (DDoS) attacks peaked in 2020.
Accelerated DX, accelerated threats
Going digital is not a process that can be completed overnight, and it can span years with no tangible end as technology keeps improving. The tech stack of a business will continuously change as technology develops, as applications and functions are replaced and changed. A hasty approach with little regard for planning may see businesses falling prey to threats, or being stuck with vulnerable, legacy digital infrastructure that is difficult to replace.
Cyber threats undermine businesses, disrupt services, and phish for sensitive information that can be used in future. As customers become more wary of their digital security experiences, a bad, or even harrowing incident may cause them to lose trust in a brand, effectively undoing the very progress that DX is supposed to bring.
In order to gain the full benefits of going digital transformation, businesses need to acknowledge and move to mitigate risks, regardless whether they are in the advanced stages of their DX journey, or are just starting out.
Businesses today are no stranger to the importance of cybersecurity. National cybersecurity watchdogs in each country, for example, the Cybersecurity Authority of Singapore (CSA), would already have outlined the process of security-by-design and the importance of conducting risk assessments for critical information infrastructure (CII).
A threat landscape with no precedence
Today, risks need to be navigated with much more dexterity than before, as the most dangerous threats are not those that already exist, but those that are new and undocumented. As history loses relevance in this field, risk assessments need to be comprehensive, and also cover specific threat events, vulnerabilities, assets, consequences, and the appropriate amount of risk tolerance in the DX journey.
At the same time, businesses need to move beyond the bare minimum of compliance-oriented assessments: ticking off boxes on a checklist is effective only on paper; not in practice.
Complacency is the enemy, especially against a rapidly-evolving threat landscape. In order to mitigate risks in digital transformation, businesses need to constantly be on their toes and in touch with the latest cybersecurity developments. Security-by-design is a framework that recommends each planned addition to a tech stack should be accompanied by a risk assessment. It also mandates that the implementation of relevant cybersecurity measures and solutions to ensure that the application is secure against threats.
In their rush to transform, businesses need to keep security-by-design principles in mind to ensure that the components of their stack are watertight.
Beyond planning and preparation, more needs to be done. Digital transformation also entails the upskilling and education of employees to be ‘on the same page’ as the organization. As part of their training, cybersecurity and potential pitfalls must also be addressed to minimize the possibility of human error. At the same time, through initiatives cascaded from the top—such as leaders walking the talk, or through consistent training sessions—a business can create a culture of security. Each and every employee should grasp firmly the importance of cybersecurity.
Businesses can also consider engaging a cybersecurity solution from a trusted vendor that will be able to guide and provide expert advice on digital initiatives and cybersecurity matters as threats evolve.
For example, the vendor should protect data from device-to-cloud, and prevent web-based and cloud-native threats that are invisible to the corporate network.
While DX may have been rushed, the benefits of going digital transformation provides returns that businesses need to improve further planning, assess potential business risks, and prevent incursions from cyber threats.