FINAL WORD
may have just looked after your network
perimeter and stored all your critical data on
physical servers; that has all changed. Today,
even financial services organisations will be
using cloud to some degree and the number
of applications that rely on customer data
has exploded. The perimeter has also
expanded; some would say that there is no
perimeter anymore. An enterprise cannot
exist in a vacuum. Successful organisations
have evolved into hybrid beasts that are
reliant on technology providers and partners
to exist and operate. It’s not enough to just
protect your own; the threat from within can
often be an external partner that you have
welcomed into the fold.
Added to this, with so much change
happening across enterprise networks, it is
harder than ever to determine what is good
versus bad: is a network anomaly being
caused by a malicious actor, or is it just a
harmless consequence of a new system
upgrade? Either way, ultimately, the attack
surface and opportunity for hackers to find
a weak link in the chain is dramatically
increased. The threat landscape is evolving
too. Hackers are constantly looking for
ways to evade detection, building malware
that appears innocent to security scanners
or exploiting zero-day vulnerabilities that
are yet to be made public. The task of
protecting our organisations from external
and internal threats grows every day, so
we need to mirror our adversaries and
work smarter rather than harder, to defend
against them.
Speed is essential to defuse issues
Digital Transformation is creating so many
new doors into the enterprise that it is
almost impossible to ensure that nothing
gets through. It is increasingly likely that
your organisation has been breached – you
just don’t know about it. By assuming that
you have already been breached you can
refocus teams on finding the threat within.
Speed is of the essence here. The longer the
dwell time – i.e. the time that an attacker
has access to your systems post-breach – the
more damage they can do testing systems,
inserting back doors, and exfiltrating data.
Therefore, it’s vital to find them quickly.
Chris Miller, Regional Director – UK & Ireland at RSA Security
Once a threat has been identified, the
pressure is on to fix the problem fast as
well. IT ecosystems have become
hyper-connected and work at hyper-speed, so
when something goes wrong the ripple
spreads like wildfire. If systems are
taken offline, then the disruption to the
organisation can be very painful, disrupting
customers and partners and creating huge
cost and reputational damage. Once the
news goes public, the clock is ticking to
provide answers – what data was affected?
How did the hackers get in? What else
did they do when they had access to
systems? Being able to get answers to these
questions quickly could make the difference
between a disaster and a bad day.
Four-step guide to managing digital risk
While this paints a rather gloomy picture,
we shouldn’t throw in the towel just yet.
Yes, Digital Transformation will create risk
but there are also huge business benefits.
The important thing is to be aware of the
risks and create a digital risk management
strategy that limits your exposure by:
1. Understanding your risk exposure:
Knowledge is key to identifying and
prioritising cyberthreats. You can
manage risk more proactively if you build
a clear picture of the criticality of your
assets and how a cyberattack on these
would impact business operations.
2. Bringing security into the fold: Your
security team can’t protect what they
can’t see. Including security teams in
your Digital Transformation projects will
help to head off potential issues at an
early stage and ensure that the team is
aware of all the risks and threats that
they need to monitor for.
3. Knowing your data: Many Digital
Transformation projects are very
data-reliant, which brings inherent
risks, particularly if it’s customer
data. Knowing what data is the most
important to the business and how it is
being used will help teams to prioritise
security and ensure that the company
crown jewels are protected.
4. Turning down the noise: Security
teams are under pressure to tackle
threats and while technology is only one
piece of the puzzle, it’s an important one
and should be continuously reviewed
to ensure it’s keeping up with the
adversaries. Rolling out new tech such as
automation, AI and Machine Learning
can help find and automatically respond
to attacks, which reduces the noise that
analysts must deal with.
Securing success
In order to manage digital risk in an
environment that is getting increasingly
complex, we need to work smarter, not
harder. While a hyper-connected digital
environment is good for business, it can also
amplify digital risks. For every new business
opportunity, we need to remember that
there’s a new opportunity for malicious
parties too. Creating a digital risk strategy
will help your organisation to anticipate
the hazards and put in place procedures to
handle the unpredictable, helping to ensure
your Digital Transformation is a success.
www.intelligentcio.com