When It Comes to Digital Transformation, Are You Risk Ready?

Although National Cybersecurity Awareness Month only comes around once a year, the importance of elevating cyber awareness and sparking discussions about how to remain cyber aware should not be confined to a single month.
The reason being: digital transformation. Businesses across all industries are embracing technology at a greater speed than ever before. In fact, 64 percent of respondents in a recent RSA report said their organization is “extensively engaged” in a digital transformation project.
Behind innovation, though, lurks risk. Organizations are embedding technology into all facets of their business operations, but a hyper-connected environment introduces new and complex risk challenges.
It’s important to understand that risks today come in many forms. While cyberattack risk may be top of mind for many, there are also risks that are introduced through new data privacy regulations, third-party partnerships and more. The unwanted and unexpected risks that come from digital transformation can be interpreted as digital risk. To this end, organizations need to “Own IT. Secure IT. Protect IT.” – a timely theme for National Cybersecurity Awareness Month considering the state of business risk.
Make Risk Management a Business Enabler
Organizations are relying more on their tech stack, but that doesn’t mean all technologies are inherently secure. With the threat of digital risk looming, it’s critical to understand how each technology works, what systems it has access to and what data is being created through its use.
In a digital economy, data is the new currency exchanged between consumers and businesses. It’s a resource that is often unseen but carries monumental consequences if left unsecured. More than one-quarter of businesses say that unmanaged risks would have a negative consequence on their customer relationships and could also impact brand reputation, future viability and regulatory compliance.
With growing attention on data privacy regulations, organizations must be increasingly mindful about how they store and manage personally identifiable information (PII). Unfortunately, the increased pace of digital adoption is forcing some security and risk teams to compromise traditional norms. In fact, more than a quarter say that implementation of a digital transformation project will happen so quickly that there won’t be enough time to assess and implement proper risk management controls. This spells trouble for the future as the fallout from a single security incident could impact a business long-term or close it entirely.
To avoid this fate, security must be viewed as a business enabler. The organizations that will thrive in a digital world are those that involve security and risk teams from the start and align with C-suite leaders to ensure the business impact of unmanaged risks is understood.
It’s a Blessing and a Curse
Digital technology has greatly influenced daily life in countless ways, offering new opportunities for people to communicate, connect and share information. While these advantages can be viewed as a blessing, there is a dark side to innovation.
Today’s adversaries have access to the same technologies that you’re embedding into your IT infrastructure. Malicious actors have no limitations and are not worried about following protocol. With this in mind, security and risk can no longer be an afterthought.
When it comes to building physical structures, the first thing an architect addresses is physical security. Digital adoption should be no different. Initiate conversations between the CISO or CSO, the IT department and business leaders from the start. While everyone at the table may not understand pentesting or what an APT attack is, help them understand the potential impact by quantifying risk in terms of actual dollars and cents. Consider illustrating recent examples of large-scale data breaches as a way to establish “shock and awe” before offering a strategy for how to manage the growing challenge of digital risk.
More Partners, More Problems
It’s not just the IT landscape that’s expanding in your organization; your partner ecosystem is also multiplying.
The complexity of third-party risk will not be simplified any time soon. Consider that gig employees, agency partners and supply chains are all elements of your network. Because these relationships are often managed in a silo, there’s also the challenge of inadequate third-party governance. In this state, “shadow” third parties and “islands of identity” – the result of user identities stored in multiple places without a unified control – are becoming more commonplace.
A lack of visibility and governance could lead to fraud and theft, business interruption, reputational damage and data breaches. The challenge of third-party risk escalates as more third, fourth and Nth parties gain access to networks, apps and critical data – including customer records, intellectual property, patient records, strategic plans, financial data and more. Unfortunately, the current method for governing Nth parties and resources is not sustainable and needs to be addressed as a critical business risk.
Although the challenge is daunting, organizations cannot afford to show indifference. Near-daily reports of data breaches mean that more consumer information and data is available to malicious actors. The consequence of poor cyber hygiene has been showcased in recent phishing attacks that have brought major cities to a standstill.
As the number of risks facing your organization multiplies, it’s essential that cybersecurity be viewed as more than just an IT concern. When addressed strategically as a business risk, it can help your organization innovate and adopt new forms of technology without exposing consumers to potential harm.
Don’t wait until next October – start a conversation among business leaders and security and risk practitioners now to ensure your business is ready to grow and thrive in today’s connected world. Re-examine digital risk in your organization and take immediate steps to “Own IT. Secure IT. Protect IT.”
Angel Grant, CISSP, Director, Digital Risk Solutions, RSA
Angel Grant is Director of Digital Risk Solutions at RSA, overseeing the digital risk management solutions that address the risks that organizations are encountering as they weave digital technologies deeper into their business operations. Previously, Angel led the go-to market strategy, planning and execution for the Enterprise and Consumer Authentication, Identity and Access Management, Anti-Fraud and Threat Intelligence product portfolios. She has more than 20 years of experience in the security, eCommerce and financial services industries and is a visionary leader with a passion for developing security solutions to protect against cybercrime and make our digital world a safer place.
Kelvin Coleman, Executive Director, National Cyber Security Alliance
Kelvin Coleman is a dynamic cybersecurity leader with two decades of experience in high-stakes cybersecurity posts at the White House, the U.S. Department of Homeland Security (DHS) and in the private sector. As NCSA’s executive director, he is responsible for leading organizational growth; facilitating strategic partnerships and alliances with government, industry and nonprofits; and acting as NCSA’s primary spokesperson.