Is a lack of cyber security the single biggest threat to companies’ digital transformation efforts?
Based on the latest data, South African organisations are under near constant attack from enemies abroad and even within. Data shows that South Africa is the sixth-most targeted country for cyber crime, ahead of major economies such as France, Germany and India.
From ransomware attacks taking down R2 trillion investment companies for nearly a week to data breaches disrupting court proceedings and child maintenance payments, South Africa is in a fight to fend off severely damaging cyber attacks at every turn.
While South Africa, long considered the most developed of the African economies, is a perennial target, other countries across the continent are not spared. So severe is the danger to countries across the continent that African diplomats headed to the US in January to discuss a new proposed UN treaty to tackle cyber crime.
When cyber criminals successfully attack organisations, they can lock companies out of critical systems, halt productivity, cause data loss, reveal confidential information, compromise employees, partners and customers, and damage reputations.
In an era of unprecedented digital transformation, a successful attack could prevent organisations from adapting to new challenges – for example, enabling hybrid work models or implementing new digital customer channels – and cause devastating financial losses.
New security paradigm
The switch to hybrid and remote work models has added new complexities to data security. Twenty-odd years ago, organisations were hard at work putting up perimeter security controls that covered corporate systems and employee devices as well as physical security by means of access cards and the like.
The extension of the corporate network from an initial few remote access endpoints to the masses of employees that were forced to adopt remote work at the onset of the pandemic has increased organisations’ risk profiles.
The pace at which organisations had to update their infrastructure – and the general extent of such changes – has created potential gaps in their security layers that open doors to cyber attacks.
Mass adoption of cloud infrastructure and the growing prevalence of hybrid and multicloud environments have further compounded the complexity of security design.
Insider threats also remain a concern: with everyone accessing corporate data from anywhere, any time, the temptation to earn some extra money by sharing sensitive information with would-be attackers represent a real threat.
In response, organisations should enhance their security and data access policies and capabilities to track what data is accessed, by whom and how often, right down to the attribute level of that data. For example, applying machine learning to mine access and usage logs could help security teams build behavioural models that may indicate when there is a potential breach due to internal threats.
Undermining digital transformation
Without sufficient data protection, organisations will not be able to enjoy the full benefits of their data and business transformation efforts.
With the amount of systems and processes undergoing digitalisation, and the growing adoption of cloud infrastructure, any compromise could cripple the organisation and potentially lead to heavy financial damage. In addition, the cost and risks associated with breaking even the most arbitrary regulatory requirements are severe, especially as they pertain to data protection.
For companies investing in the acquisition of data-driven decision-making capabilities, the sheer amount of rich data being generated to drive business processes and bring transparency to the company’s operations is a veritable goldmine for attackers. Protecting that data, whether on-premises or in the cloud, is critical to maintaining the data integrity that is essential to enabling effective data-driven decision-making.
Here, the benefits of digitalisation can quickly be outweighed by the risks of a company’s own digital tools and capabilities being used against them. In the worst-case scenarios, a data breach at one organisation could expose its clients to further attack or expose vulnerabilities in their security.
An example of this is the SolarWinds hack in early 2020, when attackers compromised the security of the US technology firm and then proceeded to use the access they gained to spy on other cyber security companies and government departments that were customers of SolarWinds.
Urgent action needed
So, how do organisations protect their digital transformation efforts from cyber attack?
Firstly, know that data protection is a mammoth task due to the complexities it introduces to an organisation’s landscape. Robust policies must be developed and implemented to ensure there is an enabling environment for any cyber security efforts.
Secondly, organisations need to come to terms with the myriad tools and technologies available that can offer various forms of protection, including against ransomware, malware, phishing, data loss and insider threats. Special care needs to be taken to ensure any cloud-based data or services are protected as these often fall outside of the traditional security perimeter.
Business continuity and disaster recovery tools can help organisations recover critical data and systems more quickly following a successful cyber attack and can restore productivity while minimising the disruption to the business.
Implementing regular cyber security awareness training gives companies a relatively low-cost way to build a so-called human firewall around critical systems, making employees a first or last line of defence against attack.
Adopting processes that range from encryption, anonymisation, masking, attribute access control, data discovery and classification, policy enforcement and auditing can also minimise the risk to the organisation and provide precious layers of additional security.
Finally, utilising best-of-breed technologies to address security vulnerabilities can help companies avoid costly and time-consuming efforts to build such tools in-house.
Collaborating with a specialised partner that understands the broader threat landscape and can provide insightful guidance on data protection best practice can reduce the time it takes to improve cyber defences and more quickly protect critical systems and data.
Considering the seismic changes rippling through the business world, no company can afford to delay their digital transformation efforts.
It is vital that IT teams put security at or near the priority list for any digital transformation efforts. Leaving such efforts vulnerable to attack could cause untold damage to the organisation, its employees, its customers and its reputation.