Digital transformation was one of those buzzterms I heard both at RSA and during my post-conference conversations. There’s a lot of exciting changes happening on the digital front—AI and ML taking on bigger roles in organizations, 5G on the near horizon, whatever the next innovation in IoT might be.
We know all this technology and connectivity is a security nightmare, but there are still some who are convinced that the digital transformation is also a transformative experience for cybersecurity.
“This new hyperconnected digital era will create an impression of stability, security and reliability,” said Steve Durbin, managing director of the Information Security Forum (ISF). “However, it will prove to be an illusion that is shattered by new vulnerabilities, relentless attacks and disruptive cyberthreats.”
Last week, ISF released its “Threat Horizon 2021” report, and in bold letters, the report immediately announced, “The digital illusion shatters.” The three main takeaways of the report illuminate that premise:
- Digital connectivity exposes hidden dangers.
- Digital cold war engulfs business.
- Digital competitors rip up the rule book.
The Impact on Cybersecurity
It all sounded ominous, so I decided to ask Durbin for some insights on how the digital transformation appears to be shaping up to be a cybersecurity nightmare. After all, most of us see these advanced technologies as a good thing. However, Durbin said all of these digital additions also provide more opportunities for cybercriminals. Threats will become more tailored, specific and potentially damaging.
But digital transformation will have a positive impact on security, too. Durbin predicted an increase in nation-state attacks that will force a more collaborative approach to threat intelligence and threat response between public and private sector. “In addition, the advent of AI and machine learning and the very real ways that such systems can create a more challenging environment for attackers of all descriptions may allow security professionals to re-address the balance in favor of the defender,” he said.
The Transformation Threat on the Horizon
One of the threats that jumped out at me was listed under that third theme: Rushed digital transformations destroy trust. “Organizations will rush to undertake overly ambitious digital transformations in a bid to stay relevant, leaving them less resilient and more vulnerable than ever,” according to the report.
“Digital transformation is now top of the challenge list for many businesses and operating in the digital world is increasingly a matter for effective management of risk,” said Durbin.
This, then, will require a shift in focus for organizations, where the challenge now will be to recognize how cybersecurity can drive organizational growth and development. As the digital transformation continues to mature, organizations will need a greater awareness of their cyber-risk and build their security solutions so they are a fundamental part of digital success.
“Organizations must prepare for the arrival of such technologies by understanding how they will be used,” said Durbin. “Those that get it wrong will find themselves compromised, their operations disrupted and reputations damaged.”
He also predicted that quantitative risk assessment increasingly will become the norm for organizations seeking to justify security investments in an environment of increased volatility. “Few security departments are in a position to address successfully all of the cybersecurity challenges and prioritization around protecting critical assets—the organization’s crown jewels—will be essential,” Durbin added.
Overall, organizations will have to respond the fact that cyber is not an IT or a purely technical issue and that operating in the digital world is the new business as usual.
“While good cyber hygiene, IT security and operational risk management will continue to be core to being safe in the digital world, cyber is now a business issue and any mitigation and preparation for the risks of the digital world will fail without the buy-in and ownership of business leaders,” Durbin said. “The onus will fall on them to identify the critical business assets that must be protected and to make the protection of the organization an integral part of their business strategy and implementation plans.”