Digital transformation: 4 post-pandemic security priorities
Businesses are at a crossroads on their journey to recover from the COVID-19 pandemic. Budgets are tight, but sizeable investments in digital transformation are needed. Companies continue to face the complex challenges associated with enabling a remote workforce, shifting their business model to overcome supply chain disruption, or embracing a new digital platform for the first time.
For many companies, the rapid adoption of new technologies to support these transformation initiatives – full-stack cloud, virtual desktop interfaces, identity-based segmentation, and more – has left little time to test new processes or fully address the new threat landscapes they are now confronting.
Vulnerabilities and risk exposures with existing systems within the organization must be proactively remediated from the start, prioritized by the level of threat they pose as well as the value they would add in enabling the adoption of new technologies. Companies are increasingly seeing cybersecurity as non-negotiable – inseparable from digital transformation.
Here are some thoughts from my team on how and why the following focuses in cybersecurity will pay off, and where cyber is headed in the coming months and years.
1. Build trust internally
Integrating the security function into the larger business will create an environment of trust internally as well. To succeed, executives must:
Indicators from our latest Digital Trust Insights Survey are encouraging, with more than 50 percent of CISOs and CIOs reporting an increase in their communication with the board and C-Suite.
2. Build trust with consumers
As the pandemic has moved so many aspects of work and life online, consumers are increasingly expecting an additional emphasis on cybersecurity and responsible data use. Companies will need to demonstrate that their investments in cybersecurity infrastructure and data storage and collection will be able to meet this growing consumer demand.
Beyond that, organizations will need to show how they not only met but exceeded the bare minimum required by regulators in order to win over consumer trust. And lastly, data privacy and security are increasingly becoming priority items in most organizations’ ESG agendas. The only way to make all this happen is to integrate security protections into all aspects of the business.
3. Build trust with regulators
Good cybersecurity is also a matter of compliance, as regulators increasingly demand more transparency and proactivity. CISOs should be working with legal and public communications teams early and often to help build the narrative for regulators on how their data collection and storage methods go beyond expectations for protecting consumer and employee privacy.
The extent to which CISOs can demonstrate to regulators that they are operating securely and transparently will determine how they are regulated in the years to come.
4. Build resilience for the next crisis
Security teams were often not included or brought in late for past digital transformation projects, leaving both the teams and their companies underprepared and unequipped for the massive operational shift that came with COVID-19. The companies that incorporated security into their pre-pandemic moves are faring best in today’s environment.
As companies continue to accelerate into the cloud to facilitate remote workforces and provide agility and scalability quickly, security teams will need to work double-time and in tandem with teams across their organizations to catch up, first acting as risk mitigators for rapid digital transformation and eventually turning into business enablers whose impact will be felt long after COVID-19 has passed.
These teams will help build resilience by finding answers to the following questions, in preparation for the next crisis:
In uncertain times, cybersecurity remains a constant
CISOs, security teams, and companies face an uncertain economic future, an increase in cyber threats and vulnerabilities due to remote work and forced shifts to online platforms, and a quickly evolving regulatory landscape. Through all of this, the trust of their customers, employees, and regulators is at stake. For these reasons, even as resources become increasingly scarce, investment in cybersecurity has never been more important.
Organizations that commit to robust and integrated cybersecurity capabilities will find it to be a differentiator, positioning them as safer and more trustworthy than their competitors. But most importantly, a strong commitment to cybersecurity will enable companies to emerge stronger and better prepared to handle future large-scale disruptions.
Author: Sean Joyce
Source: Enterprise Project