As organisations across the board embrace technologies such as the Internet of things (IoT), big data, cloud, and mobility, security becomes more important than ever. But in an era of digital transformation, perimeter security simply cannot be the focus, instead, protecting data spread across systems, hardware, and the cloud needs to be a priority.
“Attackers are always looking for a gap, and this broad, ever-growing attack surface is a huge opportunity for them,” says Simon Campbell-Young, MD of Credence Security. “The attack surface has become so wide, it is getting harder and harder to defend beyond the company perimeter.”
He says many organisations are overwhelmed by the scope and sophistication of today’s modern threats, and simply don’t have the expertise and systems in place to adequately address them. “Cyber crooks are becoming increasingly ingenious, always on the look-out for new ways to achieve their ends. Research suggests that the majority of companies have experienced a breach in the last year, and many of them aren’t even aware that this has happened.”
According to Campbell-Young, core to addressing risks and threats brought about by digital transformation is building security into applications, and interconnected devices, right from ground up. Digital technologies are reinventing the way organisations operate, and manage tasks from ERP and CRM, to top decision making. This automation and streamlining of operations are driving innovation and agility, but is also significantly increasing cybersecurity risks.
The sheer volume and the value of information has never been higher than it is today. However, alonside this, end points are increasingly vulnerable, particularly in light of the slew of IoT devices which are flooding the business, but have not necessarily been designed with security in mind.
“As IoT’s reach extends from consumer devices to the largest critical infrastructure systems, attacks grow in frequency and complexity. IoT devices are being deployed in every industry and business, from healthcare and financial services, to nuclear plants, and automobile manufacturers.”
He says this is why there needs to be a focus on data as well as applications. “The IT department is used to controlling access to the company network and systems, but digital transformation is seeing a slew of new applications, devices and connected environments, which perimeter protection cannot hope to defend.”
Much in the same way as the data it needs to protect, security needs to be rethought and redesigned if it hopes to keep pace with digital transformation and support today’s dynamic environments. It must have sight of every device on the network, and every application.
Businesses must able to keep an eye on, and safeguard data as it moves across a complex and distributed environment, from IoT, across the network, and into the cloud. The threats, risks and other security issues that go hand in hand with digital transformation are driving a need for information security to be a part of the transformation conversation from day one, to drive a better understanding between technical and the business.