In this Help Net Security interview, Dan Lohrmann, CISO at Presidio, discusses the need for organizations to rethink their leadership and operational strategies and the cybersecurity risks they have to deal with during digital transformation.
What are the most common cybersecurity risks organizations face during digital transformation? How can they integrate security measures into cyber-physical systems to mitigate these risks?
Just as in all technology projects, digital transformations require changes in the three broad areas of people, process and technology – and the technology aspects are generally the easiest to achieve. One top reason is that the companies who sell new solutions generally have a well-documented roadmap to achieve success, which includes some level of data capture and mapping to the new architecture.
Conversions from old database formats to new, as well as old applications to new ones and perhaps moving from on-premise hardware to cloud solutions, are generally well-understood and common across many industries. Nevertheless, cybersecurity options are vital in each of these steps. It’s essential to pay attention to the choices being made regarding encryption, privacy and identity management.
Which brings us to the hardest part of digital transformation: the people and process areas. While there are many steps that organizations can take to train staff, redesign processes and transform workflows, cybersecurity can be left out of these changes. Ensure that repeatable cybersecurity processes are implemented, including updates to areas such as access controls, incident response plans, backup and recovery, vulnerability management, end-to-end change management and other aspects of operational security.
With the growing reliance on technologies like AI, IoT, and 5G, what considerations should businesses make to balance innovation and security?
First, security must be top of mind as all new technologies are planned. As you innovate, ensure that security is built into deployments, and options chosen that match your business risk profile and organization’s values. For example, consider enabling the max security features that come with many IoT devices, such as forcing the change of default passwords, patching devices and ensuring vulnerabilities can be addressed. Likewise, ensure that AI applications are ethically sound, transparent, and do not introduce unintended biases.
Second, a comprehensive risk assessment should be performed on the current network and systems environment as well as on the future planned “To Be” architecture.
Third, leverage AI for proactive cyberthreat detection. AI can help identify anomalies in large datasets or network traffic patterns that might indicate a breach or attack.
Finally, partnerships are key. Do your homework with the solutions you are considering. Ensure that these vendors follow strong security practices. Ensure that the products and services that you are implementing do not introduce vulnerabilities into your systems. If there are known risks, build a plan for risk reduction / remediation. Develop a supply chain management plan to assist in these efforts.
How does digital transformation drive organizational change beyond technology, such as in leadership or operational models?
Employees at all levels who embrace digital transformation and apply tools to data will perform their jobs more efficiently. This positive change can lead to greater empowerment, as employees gain access to real-time data, AI tools, and automated systems that help them make decisions and improve their productivity.
Digital transformation also encourages organizations to rethink their product and service offerings. Many companies are shifting from offering physical products to providing digital solutions or services that are scalable and can be continuously improved through software updates or AI. Federal, state and local governments are also rethinking customer service and how they deliver services to constituents. For example, Montgomery County, Maryland has reimagined how they serve citizens with their Monty Chatbot, which can answer questions in over 140 languages and solve many problems in less time.
One more. Digital transformation often requires breaking down silos and creating more cross-functional teams. This shift leads to flatter organizational structures where decision-making is more distributed, and teams are empowered to work together more fluidly. For example, IT, marketing, and operations teams may collaborate more closely to implement digital strategies that improve customer experiences and operational efficiency.
What are the essential skills or competencies that leaders need to manage cybersecurity during this shift?
In a digital world, the pace of change is more rapid than ever before, and the pace of change is only accelerating. Leaders must be more agile, data-driven, and capable of making faster decisions. This trend leads to a shift away from traditional hierarchical decision-making models to more decentralized, collaborative approaches where data and insights empower teams at all levels.
Digital transformation also demands leaders who are not only technically adept but also visionary in guiding their organizations through change. Leaders must be able to inspire a digital culture, align teams with new technologies, and drive strategic initiatives that leverage digital capabilities for competitive advantage.
Finally, leaders must be life-long learners who constantly update their skills and forge strong relationships across their organization for this new digitally-transformed environment.
How do you see the intersection of digital transformation and cybersecurity evolving over the next few years?
I see digital transformation becoming the norm for most enterprises, and organizations needing to reinvent themselves every few years as the pace of change accelerates and AI becomes a part of every business function.
Cybersecurity will increasingly be seen as essential to business continuity. The rapid move to remote work, cloud computing, and mobile platforms has made security a core component of organizations’ ability to maintain operations in an increasingly digital and decentralized world.
Finally, with the growing adoption of cloud computing as part of digital transformation, securing cloud infrastructure and applications will become a top priority.