Insider Risks Hamper the Digital Transformation Process

Digital transformation is the way forward for today’s work environment.

“Digital transformation and pursuing a cloud-first strategy is what makes business become more agile, allowing you to deliver more value to customers and go to market faster,” said Adam Gavish, co-founder and CEO at DoControl, in an email interview.

But for a digital transformation to be successful, it can’t only be about technology; employees must be included throughout the entire process. After all, this move also creates a transformation in corporate culture.

“There’s a challenge in navigating through digital transformation successfully; oftentimes you are flying the plane and building it at the same time—so employees play a critical role in making digital transformation a successful endeavor,” Gavish said.

But while employee buy-in is vital to the shift, their learning curve and the greater reliance on these new technologies throughout the company also bring an increased threat of insider risk, which could have a negative impact on the overall digital transformation process.

Security Risks in the Digital Transformation

For many organizations, the pandemic accelerated their digital transformation journey to keep business operations running when workforces went remote. But in this case, the need for speed meant making sacrifices in other areas—primarily in security. Typically under-resourced and stressed, security teams were scrambling to adapt to the speed of transformation, Claude Mandy, chief evangelist, data security at Symmetry Systems, pointed out.

“The biggest correlation isn’t necessarily an increase in risky behaviors, but a decline in the performance of secure behaviors,” Mandy said in an email interview. “This is most quickly apparent when looking at how organizations have turned a blind eye to how data is handled within their organization and how it is secured, particularly ensuring access to data is not granted if not required and removed when it is no longer required, i.e. dormant accounts.”

The rapid IT changes that took place pre- and post-pandemic inflated the soft spots and entry points for attackers to gain an initial foothold, Gavish added. “By introducing new systems, devices, applications, etc. to adjust for these new working environments, the threat vector widened over time.”

And accelerating the adoption of even a partial digital transformation brings its own problem: user behaviors that carry a higher level of risk. “Security needs to be a business imperative in the context of digital transformation,” said Gavish. “Putting in preventative controls and closely monitoring user behavior that elevates the insider risk threat profile is one way to mitigate this risk.”

Threats Caused by Insider Risk Hinder Digital Transformation

The insider threats that hinder digital transformation aren’t that different from insider risk in any other situation. The negligent user, malicious actors and compromised identities all hurt the adoption of new technologies because digital transformation initiatives impact almost every business unit.

“The risks that organizations can experience when executing a digital transformation journey is failure to learn and adapt, such as trying to take legacy on-premises security strategies and make them work for cloud infrastructure rather than trying to use built-for-purpose, cloud-native security solutions,” said Joseph Carson, chief security scientist and advisory CISO at Delinea, via email commentary.

For example, many administrators expect the defaults to be the best practice. However, that’s not always the case for cloud security. Nor does security by design always mean security by default. “It is always important to ensure that you’re choosing the right default configurations—whether this means security is on or off—it better not be off, as that is a recipe for disaster or a security breach,” Carson said.

Addressing Insider Risk

The digital transformation process, overall, needs a greater emphasis on security, but one thing that security and IT teams can do is ensure the threats aren’t coming from inside the company as technology changes are implemented. Security policies should always be clear, but especially so during this time when employees are learning new technologies and processes. Adopting automated tools that identify nefarious behaviors or detect unauthorized data access by monitoring user activities offers another layer of monitoring as security teams prepare corporate infrastructure for its digital transformation journey, and this will help ensure a smoother, more secure transition.

Sue Poremba

Sue Poremba is a freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.