Thank you for Subscribing to Apac CIO Outlook Weekly Brief
Digital Transformation and the Cyber Security Conundrum
By Demetris Booth, Head of Regional Product Marketing(APAC), CISCO Systems
Everywhere we go today, business insiders talk about Digital and the advantages they see for their business. It’s hard to find an industry event where Digital is not a top of mind talking point for most attendees. Digitisation is happening everywhere, to virtually every business in every industry. The question many businesses are forced to ponder is, 'are we ready for it?' In Security, we always say it is not a matter of 'if', rather 'when' you will be hacked. Well, when it comes to Digital, it too is not a matter of if it will happen. It comes down to when it happens to your business and your industry, will you not only be ready, but will you be securely ready? Being able to say yes to this will ensure your business not only survives, but also thrives in the Digital Economy. This means taking advantage of new opportunities to create a more dynamic and fluid business services for your workforce and customers.
New opportunities created via Digitisation bring new risks for cyber attacks. This has created a situation of constant risk for organizations not seen at any other point in our lifetimes. Digitally enabled businesses utilize Mobility and Cloud, they co-develop and/or co-sell with business partners and they use data and analytics to deliver on-demand, real-time services and experiences in B2B & B2C. As a result, the amount of entry points into an organization with lax security measures is dangerously open, which is a great opportunity for cyber criminals. As we increase our connectivity and create new services, we dramatically expand the attack surface. The new digital infrastructure combined with a lack of focus on Security measures aid the cyber criminals in compromising privacy and security.
The silver lining for security practitioners and CISOs is that, in general, security has been elevated to a boardlevel discussion. Accountability starts at the top, and therefore, has a better chance of enacting real change. In the first half of 2016, Cisco Systems published a ‘Cyber security as a Growth Advantage’ study where we surveyed more than a 1000 global decision makers and found 48% very concerned about security breaches, while 39% were moderately concerned with security breaches.
As the number of cybersecurity breaches rapidly escalates, it is now a terrifyingly regular occurrence for the admissions of millions of compromised records to be made public or sold for profit to other criminals.
“Cyber Security in the Digital Economy is the bridge that connects Digital Innovation to Business Growth enablement”
Security for the Digital Economy must take a top-down strategic approach, heavily influenced at the board level and driven by the C-Suite. It must be all encompassing, expand beyond traditional reactive measures, and include Business Asset Analysis, Risk Management, and Cyber security Policy Frameworks. This means creating programs that build security awareness for internal staff, a process that evaluates and prioritizes critical assets, and technology to provide robust contextual awareness for complete visibility to understand impact of current and future threats.
Digitization requires a dramatic shift away from how we think about business today, and security must be the driver or enabler that ensures Digital businesses increase their security posture, reduce their risk exposure, and deliver positive business and customer outcomes. And this is where having a robust Cyber security strategy is required.
Lack of a strong cybersecurity strategy can impact a company’s innovation and growth because it hinders development of digital offerings and business models. The ultimate goal of any Digitally-Inspired company is reducing risk and increasing agility, and most executives agree that security is foundational in this process. Achieving maturity means having a strong strategic program that gradually walks an organisation from Secure Digital Novice to full Secure Digital Disrupter
There are numerous International Cybersecurity frameworks and guidelines like ISO 27001/27002, NIST, and others that address critical issues like Risk Mitigation, Security Governance, and Cybersecurity Policy and Strategy that serve as detailed guides to developing these programs. A strong Cybersecurity strategy creates a deep level of awareness and accountability, while defining and refining internal processes that identify critical digital and digitally-affected assets. They should, ideally, be evaluated against categories that include, but are not limited to: asset priority & value, risk assessment, brand value assessment, investment assessment and threat response and recovery planning.
A well-defined strategy is easily measurable and repeatable, with well-defined outcomes through an ongoing enterprise-wise review process. Achieving these outcomes delivers a crisp and clean state of Digital Business and Security Readiness, which facilitates proactive decisions based on driving business value, rather than reactive based on fear and embarrassment. Digital businesses recognize the connection between strong security and faster innovation, and are more likely to have a strong cybersecurity strategy in place to ensure digital readiness. Security-aware digital enterprises are more prepared than their peers to address cyber security challenges. As a result, these enterprises boldly integrate digital technologies into their business processes and offerings to maintain their competitive advantage through faster innovation.
Cybersecurity in the Digital Economy is the bridge that connects Digital Innovation to Business Growth enablement. Effective security is the only security that allows today’s senior executives and board members to rest easy at night. So, it makes sense to ensure that your enterprise is securely ready for Digital Transformation.
CISCO Systems (NASDAQ: CSCO) is a San Jose, United States based networking and cyber security company providing solutions for small, medium, and large enterprises, as well as service providers. It is incepted in 10th December 1984.