by Dr Shaun McAlmont, CEO of NINJIO
In one sense, the term “digital transformation” is outdated. Just take a moment to consider all the ways our daily lives have migrated online and how normal this has become – from video calls with friends and family to the ubiquity of cloud-based productivity tools.
But in another sense, it’s still true to say that we are in the middle of a rapid and wide-ranging digital transformation. Millions of people are still working remotely, the number of connected devices continues to rise, and the process of getting accustomed to these technologies is never-ending.
While this sweeping digital transformation makes it easier to connect with loved ones and get work done, it has also created innumerable vulnerabilities for cybercriminals to exploit.
From the profusion of Internet of Things (IoT) devices with rudimentary (or nonexistent) security software to the reliance on interconnected digital systems that can be hacked at many different access points, cybercriminals have an ever-expanding array of attack vectors to pursue. As new technology is released, new vulnerabilities arise.
As companies oversee their own digital transformations, cybersecurity awareness should be at the center of this process. Although employee error and negligence pose the most significant cyber-risks to companies, the development of an educated workforce is the best way to mitigate these risks and protect the company.
This process of cyber transformation has to be ongoing and consistent because the pace of technological change shows no sign of slowing down.
An accelerating digital transformation
The typical employee uses a dizzying array of digital services and devices on a regular basis. According to a recent Deloitte survey, the average American household has 22 connected devices, and 24% say they are “overwhelmed by the devices and subscriptions they need to manage.”
Meanwhile, 54% are concerned about the security vulnerabilities created by their smartphones, and 52% say the same about smart home devices.
These concerns will likely only rise in the coming years. McKinsey estimates that the IoT market could create between $5.5 trillion and $12.6 trillion in value by 2030, which means there will be a huge influx of connected devices in the world.
The cybersecurity implications of this influx are clear: hackers will have an unprecedented number of entry points, the digital line between work and home will continue to blur, and cyber awareness will be more important than ever.
Companies will need to figure out how to facilitate productivity while protecting their networks from intrusion across a much wider range of attack vectors.
Continuous digital transformation is unavoidable – it’s the only way companies can remain competitive as e-commerce continues to grow, employees demand greater flexibility in how and where they work, and the number of apps and devices surges.
But companies have to manage these shifts safely, which is why cyber transformation should be a top priority.
Navigating a new cyberthreat landscape
There are many ways the ongoing digital transformation puts companies at greater risk. When employees use a larger number of cloud-based communication and collaboration platforms (or rely on those platforms more heavily), they often share sensitive information in more places. The use of these platforms can also put account credentials at greater risk and provide access
to other networks and systems. These dangers exist even with security mechanisms such as multi-factor authentication (MFA) in place.
For example, hackers who recently infiltrated Uber and Rockstar Games used company Slack channels to steal sensitive materials and gain deeper access to internal systems. According to Uber, using a social engineering tactic known as “MFA fatigue,” the attacker sent multiple login requests to a contractor until one was eventually accepted.
This offers several lessons for companies: first, hackers have many effective strategies for circumventing security measures like multi-factor authentication. Second, third-parties can create serious cybersecurity risks for their partners. And third, widely used productivity tools like Slack and G-Suite are frequently implicated in cyberattacks.
What’s even more disconcerting is the fact that many apps and devices are less secure than the tools cited above, which are regularly updated with new security software.
Smart TVs, thermostats, appliances, and other IoT devices present a target-rich environment for hackers, and they can use these entry points to infect wider networks.
This is one of the many reasons home and office life has become increasingly interconnected for the purposes of cybersecurity.
Keeping your entire digital ecosystem safe
At a time when cybercriminals have never had more ways to break into your company and steal your data (or hold it hostage), it’s vital to implement a comprehensive and adaptable cybersecurity solution that can cover many attack vectors simultaneously.
With the endless proliferation of devices and cloud services out there, it’s impossible to keep track of every aspect of your employees’ ever-evolving digital lives. This is why companies have to rely on employees themselves to avoid dangerous behaviors and report potential threats as they arise.
For example, cyber-aware employees would never accept MFA requests they didn’t generate – no matter how many of those requests pop up on their phones. Instead, they would recognize that repeated requests are suspicious and report them immediately.
These employees would also be careful about what they share on internal platforms like Slack, and they would beware of unnecessary IoT devices that could give hackers access to their home networks (and put their work devices at risk by connecting to those networks).
Cyber-aware employees limit their exposure to cyber threats by always keeping their devices updated, sharing sensitive information on a need-to-know basis, and avoiding dubious third-party apps.
The cyber transformation requires companies to provide these lessons with engaging, digestible, and relevant content that employees will embrace.
As cybercriminals continue to identify and exploit new attack vectors, companies can only hope to fill these security gaps with educated employees who are aware of those vulnerabilities as well. This is how your cyber transformation will stay one step ahead of your digital transformation.