The Impact of Digitalization on Cybersecurity

Oliver Valentino, Head of Cybersecurity, Amar Bank

Oliver Valentino, Head of Cybersecurity, Amar Bank

Digitalization has become the main theme for change these past few years. Currently, everything is either “as a code” or “as a service”. These changes happened because of the global pandemic that significantlyaffected every aspect of our lives. By moving to digital space, a whole new risk is introduced to businesses around the globe.

Before the pandemic happened, some companies had already started their digitization effort to gain an advantage over competitors. So, now that digitalization is a must, a lot of people are already prepared to transform the business into a digital space. But are we ready to deal with cyber security?

Let us look at what cyber security is all about. A penetration test is where they do a manual security test at the end of the development or once a year, where they have to sign off every deployment. During tools administration, they place a security engineer for each tool and do administration to the tools, where the tools are expected to protect and monitor everything. We try to comply with or certified our process to meet certain security standards and check if it is good, bad, or enough and analyze ifthere are anyproblems with this setup.

The main problem with this arrangement is, security is not integrated into the business process. We, as security leaders, act as a gatekeeper and that’s it. So, are we helping them to achieve the security standard? Or are we just becoming an obstacle?

Cyber security has to evolve. We need more cyber security professionals that understand we are in the same boat as the other team. We need to start bringing value to what companiesthink is important.

Here are a few things that cybersecurity professionalsneed to startdoing.

Integrate Presence

We have to start integrating our presence into the business process, as a gatekeeper, and a navigator. Talk with your business and product team as early as possible. Initiate conversation, or ask to be involved as early as the ideation stage. State your concern regarding potential risk early on, and state that you need to be involved in the whole cycle, including penetration testing in the last phase, so they can plan accordingly. By involving in requirement preparation for the new product, give security recommendations that help developers as guiding posts when they develop their product, not the exact word-by-word limitation.

By doing this, they can feel cyber security presence as a friend instead of a blocker. We can help them navigate their development process toward a secure product.

Maintain the Same Speed and Agility

Security testing might take a long time to complete. Start adopting automation where low-hanging fruit can be easily found as early as possible. While manual testing needs extra time to complete, the cyber security team can do the planning, so the process can be completed without taking much time. The team can start understanding the product by learning their documentationon how you will conduct the test, and what the product and development team will have to provide. Keep in mind that the test is to be completed faster and smoothly.

Maintain the Same Technology Standard

Developers and technology have a high speed in their development research and technology adoption. We also need to learn and adopt this new emerging technology. While it benefits us to understand the new technology, it is also a huge benefit to the company. By keeping up with this new technology, we can also help our development process and guide them to adopt this new technology securely. This can give the business an advantage in technology adoption and will affect the service to the customer. So, we need to prepare. Keep doing research in new and emerging technologies, and joint research with a technology team where we can have the same direction in technology research.

A Complete Vision of What You Want to Achieve

A security checklist or security standard is a tool to help you achieve what you need. But sometimes this checklist is not suitable for your organization. As a cyber security professional, you need to have a vision of what you want to achieve by implementing certain security standards. It is okay to challenge the list and ask if this standard will bring me closer to our goals. You need to check all the lists to gain the certification or conform to the standard, but by understanding what this list wants you to achieve, you don’t have to follow exactly word by word but show that by implementing certain control, you can achieve the same result.

As a Cyber Security Professional, You Need to Have the Vision of What you Want to Achieve by Implementing Certain Security Standards. It is Okay to Challenge the List and ask if this Standard will bring me Closer to our Goals

Going Beyond the Limitation of Physical Space

Companies started adopting remote working, and data centers are no longer in the same building as the office. Critical systems have been moved to cloud platforms and we are no longer building systems but subscribing to digital services. A lot of these operations are no longer confined by physical space. Cyber security teams have to understand this and start to change their point of view to the important thing, which is to protect data and digital access instead of physical access.

In Amar Bank, as the pioneer of the digital bank in Indonesia, we prove our commitment to continuously maintaining its data and operational security. We continue to develop technology on its digital platforms. To be able to ensure that all of our digital platforms or systems are safe, we will continue to acknowledge and be actively involved in the development phases so that we have good knowledge regarding these technologies. Then, we will provide relevant prevention or protection and ensure Amar Bank’s and the users’ data security.