The role of cyber resilience in digital transformation

Perspectives on digital transformation (DX) have changed dramatically over the years. It was once regarded as the Holy Grail of business growth and more of a destination than a journey, but is now unquestionably an ongoing evolutionary process that seeks to deliver greater efficiencies and enhanced services to businesses.

In the age of the new normal, it has come to represent all the ways that companies can deliver better business results by moving their systems, processes and data in a direction that is more connected and provides a more intimate customer and partner experience.

Increasing levels of stakeholder connectivity and brand intimacy are fundamental to the outcomes expected from successful DX programmes. Today it is conventional wisdom that if organisations don’t evolve, their growth, profitability and customer-satisfaction objectives will be negatively impacted.

In short, digitally transforming is a critical business need for virtually any organisation that intends to achieve success over the long run. Whilst DX is front and centre of most businesses’ strategic planning, it cannot be embarked upon without placing concurrent emphasis on security if company assets are to be protected.

Adapt and evolve

Yes, businesses need to evolve and adapt if they are to drive key outcomes, but cyber resilience refers to a company’s ability to deliver an intended outcome continuously and intelligently, despite adverse cyber events. It is a developing perspective that is rapidly gaining recognition. The concept essentially brings the areas of information security, business continuity and organisational resilience together.

The pace of adoption of DX and cyber resilience has been significantly increasing over the last several years and has now accelerated again due to the Covid-19 pandemic. The remote working explosion has introduced different work-from-home requirements with concomitant changes in consumer behaviour to predominantly online purchasing patterns have brought a huge shift in the way companies manage their systems and processes and a corresponding change in how we need to secure them.

The proliferation of the Internet of Things (IOT), being driven by 5G advances, are key drivers of the pace of adaptation necessary in a hyper-connected world, with every appliance, machine, camera or car streaming real-time data which will be used by companies to provide an even higher level of intimacy and personalisation.

The focus for cyber resilience must be able to evolve and match this accelerated pace of change to ensure businesses are delivering the desired level of customer service and security to stakeholders.

Fortune favours not the brave but the adaptable

According to Gartner best practices need to be followed in order to create a resilient, scalable and agile cybersecurity strategy. They go on to recommend that successful organisations need to develop risk-based cybersecurity programmes to support business agility and resilience.

Gartner notes that by 2023, 75% of organisations will restructure risk and security governance to address the widespread adoption of advanced technologies, an increase from fewer than 15% today. They say a resilient cybersecurity strategy is essential to running the business while protecting against security threats and preventing data breaches and other enterprise cybersecurity threats.

Existing cybersecurity frameworks such as NIST and MITRE provide great guidelines for information security teams, however, given the rapid acceleration of the pace of change associated with DX, the ability to adapt is paramount.

Historically, IT systems, processes and security, have been managed in the same way for many years with customer data being housed only on a few systems, meaning that IT tools were static and security meant anti-virus, firewalls and passwords. But DX has changed many aspects of IT with layers of IT growing exponentially. As new applications are introduced, customer data is now found in many new places as infrastructure is increasingly distributed across public and private clouds and internally managed data centres.

Focus on the outcomes

From a security perspective, this puts companies in a more difficult position when it comes to compliance with data privacy regulations such as PoPIA and other industry regulations. The added complexity for most CISO’s is the difficulty security teams have finding and retaining the right talent which is exacerbated by the new ‘houses’ everyone finds themselves in. Amidst this unfamiliar landscape, the requirements for cybersecurity are stressed in new and different ways, which force CISOs to focus on key outcomes such as:

  • Knowing where all the business-critical data is and how it’s being used, shared, stored and protected.
  • Giving users just enough access to do their jobs and govern privileges in real-time.
  • Securing and continuously testing, scanning and hardening all applications.
  • Detecting insider and advanced threats in real-time while responding and recovering from breaches automatically.

Successful resilience

The emergence of data science and the ability to implement unsupervised machine learning offers a new way to think about the evolving security posture. Being able to intelligently adapt as businesses increase focus on protecting identities, applications and data in unison can help deliver optimised results, which in turn enable organisations to keep pace with change.

In my second article on cyber resilience I will focus on PoPIA and GDPR and the importance of data security.