Thank you for Subscribing to Apac CIO Outlook Weekly Brief
Editor's Pick (1 - 4 of 8)
Digital Transformation: Bane or Boon for Cybersecurity?
By Ramesh Munamarty, Senior EVP - Technology & Innovation, International SOS
Concerns about such devices being hacked, turned into botnets, and used to attack targeted computers and organizations are growing as well. • Application vulnerabilities: Application Development teams should share the responsibility of CyberSecurity with the Infrastructure and Security teams as a number of new vulnerabilities are being exposed through applications and the development team is responsible for hardening and securing applications. Self-defending apps are being created with advanced access-control capabilities, allowing them to react to malicious source-code modifications and debugging at runtime. Encryption is being built-in both for data at rest and in transit. It is not all doom and gloom for the Security Professional. Digital Transformation has brought several boons as well. There is increased awareness at the C-level and Board on Security issues and additional funds are beingallocated to build security into Digital Transformation. CIOs are using this opportunity to strengthen the posture and shore up the infrastructure plugging the holes and strengthening the weak links. In addition, there is an increased need to be compliant and organizations are willing to spend money to be compliant on certifications/regulations such as PCI-DSS, HIPAA, GDPR and also respect data sovereignty requirements by countries such as China, Russia, UK, Germany, Australia etc. Compliance mandates are driving 69% of security spending, 33% are mandates from the Board and 29% responding to a security incident from another organization according to 2018 IDG Security Priorities Study where respondents could choose more than one factor. The other key advantages in addition to awareness and funding are that Security has moved beyond IT to business operations and enterprises are even making security a competitive differentiator. Security is integral to the adoption of innovative technologies and newer technologies and embedded into Software Defined Networks (SDN) to provide seamless and secure access to data. Enterprises are leveraging Digital Transformation to rearchitect their platforms and integrating systems to create a unified security architecture. Threat intelligence is being shared across the organization and across multiple companies, additional safeguards are being put in place in the network, systems and applications and a significant portion of security operations are being automated and monitored 24x7 leveraging modern Security Operation Centers (SOC) and Network Operations Center (NOC). Since digital transformations are spreading data across diverse environments and are created connected value chains, vulnerabilities can rapidly spread and cause millions of dollars of damage and significant reputational impact. C-level executives and the Board have to adopt a proactive stance and make it a regular agenda item during Board meetings to review security. The following measures can be taken by enterprises to reduce risk across 10 areas in the digital landscape - Strategic, Technology, Operations, Third Party, Regulatory, Forensics, Cyber, Resilience, Data Leakage, and Privacy: • Secure Maintenance/Patching - Review Common Vulnerabilities and Exposures on a monthly basis to assess risk. Proactive and Timely Patch Management. • Application and Custom Code Security: Harden Applications and strengthenDevOps. Leverage source-code security scanning tools to identify vulnerabilities in programs. • Encryption: Develop and deploy consistent encryption both at-rest and in-transit • Network Security: Segment the network with separation of high-security areas and privileged access. • Operating Systems and Database Security: Restrict database-access and provide dedicated security requirements for all Operating Systems. • Front-end security: Secure configuration for clients and mobile endpoints with appropriate access control lists and Identity Access Management • Communication Security – Use encrypted communication such as SSL, TLS and secure RFC • Security Operations Center – Monitor security audit logs and all systems especially for critical applications and users. Automate cyber-security practices and use the SOC/NOC to monitor. • Training and Awareness –Build training programs and create phishing simulated attacks to improve security awareness and drive change across all employees in the organization • Integrated Security Systems –Integrate security systems and/ or have a single pane of glass improves visibility across the larger attack surface. • Sharing Threat Intelligence –Share threats across the enterprise as soon as they are detected • Business Continuity: Define emergency, backup, and disaster recovery concepts to ensure business continuity. Prepare end-to-end fallback systems for critical processes and applications. Digital Transformation is leading to Security Transformation and as with all transformations, change management across all levels is imperative to make sure enterprises are prepared in today’s environment where attacks are becoming more sophisticated and attack vectors and surfaces are increasing. Enterprises need to be agile to adapt to the changes in the threat landscape and respond quickly and effectively.