Widespread digitisation sweeps through almost every aspect of our lives. Digital transformation takes digitisation one step further, integrating technology into each business area — including improving operations, refining the customer experience and fostering a more cyber-aware workforce, writes David Lello, Chief Information Security Officer (CISO) of Burning Tree, an information security consultancy.
And although digitisation was underway before the COVID-19 pandemic hit in 2020, many organisations — from universities to food delivery companies — were forced to ramp up this process and embark on total digital transformation in response to new remote working requirements and changing consumer behaviour. So much so that the adoption of technology sped up by three to seven years in the space of mere months as organisations raced to implement the latest software.
But simply adopting new technology or software into your business is not enough to keep pace with competitors. For a fully integrated digital transformation to succeed, IT professionals and business leaders must ensure security is built in at every stage — or risk falling foul of increasingly sophisticated cyber attacks.
When a business undergoes digital transformation, its IT becomes the central hub for all its operations. Digital transformation will look different for every business (and even vary between teams within the same company) but generally involves a complete rethinking of how organisations operate using technology.
Digital transformation might mean investing in IT departments, building a new mobile application or e-commerce site, or implementing DevOps or Agile programs to improve system functionality. Whatever the case may be, the point of digital transformation is to embrace the improved agility, scalability and flexibility that modern technology has to offer to automate critical processes and make a business more efficient as a whole.
Without adopting technologies such as the Cloud or the Internet of Things (IoT), many businesses of all sizes and sectors will struggle to keep up with the demand for digital, as physical legacy systems become outdated and unable to support growth. In fact, what was once considered best-in-class adoption speed, even just a few years ago, is now slower than the average for most businesses.
An effective digital transformation will allow a business’ IT to contribute to offerings and generate revenue — not just prop up existing functions. Plus, by streamlining processes and building the infrastructure necessary to do so, technology can improve communication, customer service and, most importantly, security. But only if security is built in from the outset…
When can digital transformation threaten security?
In a rush to get the newest technology and software online, many businesses make cyber security an afterthought — leaving them and their customers vulnerable to attack. In the past year, there have been a staggering number of cyber attacks in the UK alone. Microsoft’s Exchange servers were famously corrupted in 2021, claiming at least 60,000 known victims around the world before the breach was detected. Even schools have fallen victim to hackers, such as six schools in the Isle of Wight recently compromised by a ransomware attack.
And it is not just the large corporations at risk; small and medium-sized enterprises (SMEs) are regularly subjected to hacking attempts. Around 65,000 attacks are carried out every day in the UK — approximately 4,500 of which are successful.
So, as IT infrastructures grow in size and companies lean on cloud-native technology for daily functions, new systems must have the capability to identify and mitigate security risks at an early stage of software lifecycles. Otherwise, application vulnerabilities could introduce an unacceptable amount of risk and prevent a system from keeping pace with changing threats and developments, negating the purpose of implementing new technologies in the first place.
Therefore, effective digital transformation must involve a complete overhaul of how businesses think about security — from educating a more cyber-aware workforce to securing the appropriate budgets for IT departments and cyber security software.