BreachExchange mailing list archives
How digital transformation changes security needs
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 16 Jan 2019 07:00:29 -0600
https://www.information-age.com/digital-transformation-changes-security-needs-123478114/

Digital technologies are transforming the business world. Growing numbers of companies are adopting internet-of-things (IoT) devices and moving more of their data into cloud environments. The advent of these technologies is also causing firms to reimagine traditional business models and innovate new ways to leverage data for growth.

While the digital transformation presents a range of opportunities to today’s companies, it also brings challenges. Some of the most prevalent are the evolving security needs that come with expanding one’s digital presence. According to a recent survey by Fortinet, 85% of chief information security officers view security issues related to digital transformation as having a somewhat to extremely large effect on their companies.

The digital transformation is altering security needs in some fundamental ways. Here are some of the changes to be aware of.

Expanded attack surface

The more applications, data and processes move into the digital realm, the more opportunities there are for hackers and other bad actors. There are more potential points of entry, making it difficult for cyber security professionals to catch all vulnerabilities and keep track of all threats.

There’s also the potential for hackers to move laterally through a company’s network once they gain access to one system. This means a network is only as secure as its weakest point. The situation is made even more challenging by siloed security products, which limit visibility into the network.

Higher potential for damage

The potential for damage due to a data breach or hack is also greater than it has ever been. Data is extremely valuable to businesses today, and more devices are now internet-connected, meaning they could be hacked. Some of these devices and technologies are involved in critical activities. An event in which a cyber attack disrupts some of these activities could have severe implications. For example, the energy grid, hospital equipment and vehicles all now have digital components. Also, the more heavily an organisation depends on digital technologies, the more damaging an attack could be.

Uncontained enterprise networks

In the past, many businesses had contained networks and hosted all their IT equipment on-site. Some businesses, especially large ones or those that handle especially sensitive data, still do this. Most companies, however, use some sort of digital applications and may host their servers in the cloud.

This means these companies’ networks are not contained and have connections to the publicly accessible internet. While these networks should have protections that restrict access, the use of digital technologies does introduce the potential for hackers to break through these defences and access companies’ networks.

Constant change

Digital capabilities and other technological improvements have increased the speed at which developers can create and update software. The technology of today changes rapidly, and while this provides benefits, it also makes it more difficult to keep up with security processes.

This increased speed of change makes it easier for security vulnerabilities to slip through. Cyber criminals are also continuously coming up with new methods, meaning security professionals need to work constantly to come up with new ways to provide protection.

Increased sophistication of attacks

Not only are the techniques of hackers changing rapidly, but they’re also becoming more sophisticated. Cyber criminals can use artificial intelligence and other advanced tech just like security professionals can.

One type of AI-enabled attack, called a polymorphic attack, is a significant challenge. These types of attacks can morph to avoid detection by traditional security solutions.

Cyber security solutions for the digital transformation

What changes should those in charge of cyber security make to account for the effects of digital transformation? Here are a few suggestions:

- Integrate security systems: Integrating security systems helps improve visibility into a network and aids in managing a larger attack surface.
- Build in security: Use applications and devices that have built-in security. If building an application, make strong security settings the default option.
- Provide training to staff: Skills gaps related to digital technologies and cyber security can open up companies to threats. Provide regular training to IT and cyber security personnel to boost performance. In addition, train other staff members in how to recognise emails from scammers and avoid exposing data to threats.
- Perform regular testing: Conduct regular penetration testing to uncover potential vulnerabilities and opportunities to improve security.
- Automate cyber security practices: Incorporating automation into security processes can help companies continuously monitor for threats and expand cyber protections, even with limited personnel and resources.
- Share threat intelligence: If information about a potential threat is uncovered, share it across the organisation so everyone can take steps to minimise risk.

The digital transformation is changing the way businesses operate. One of the areas it’s transforming is cyber security. There are now more potential cyber threats than ever before, and attacks are becoming more sophisticated. Protecting against these threats requires a proactive, continuously integrated and automated approach to cyber security. It also requires companies to adjust their strategies as the threat landscape continues to evolve.