How cybersecurity can become immune system of a company’s digital transformation
Digital technologies like the Internet of Things (IoT) will add US$14 trillion to the world’s 20 largest economies by 2030. That’s one fifth of the current world GDP.
There is no doubt we face a digital future. But in Kenya many businesses are held back from fully realising digital transformation because of a lack of a robust and agile IT security policy.
The question on many CEOs minds is: ‘How do I bridge the gap between innovation and security?’
1. Don’t be alarmed by headlines
Headline grabbing cyber-attacks are on the rise. This is deterring some businesses from adopting new technologies like cloud computing that accelerate digital transformation. But, these new technologies are built around safety, security and privacy. Trusted technology brands spend millions of dollars on security.
Microsoft, for example, spends $US 1 billion on security every year. This is far more than most businesses running a traditional IT server could ever afford. The fact that banks are leading the digital revolution, particularly in the Middle East and Africa where customers demand innovative and mobile banking services, is a sure sign of trust. In the Middle East, 100% of medium-sized banks are ready to adopt a mobile technology this year. And 65% of banks are implementing private cloud technology now or are planning to deploy it within 12 months.
Sub-Saharan Africa accounts for 53% of all mobile money transfers in the world. In Kenya, US$36 billion in mobile transactions are conducted each year.
Gartner also estimates that between now and 2020, 95 percent of cloud security breaches and failures will be the fault of the customer rather than the provider.
2. Ready your business for change
It’s not just the IT department that must adapt, but the entire organisation. A new Capgemini report refers not to digital readiness, but digital dexterity. This is an organisation’s capacity to self-organise to deliver new value from digital technologies.
Firstly, consider how the IT department operates. Security should no longer operate as a siloed IT function, but as a fundamental business process that is aligned to business objectives. It’s critical that businesses embed security across their entire network, applications and access points to detect, analyse and block suspicious behaviour.
3. Manage employees
Even if you have the most watertight systems and processes in place, a lack of security awareness among employees can be a serious risk.
“Most breaches today are the result of simple mistakes by employees clicking on rogue links in emails, downloading malicious attachments, or simply not following security policies and training lessons,” says Paul Fisher, research director of Pierre Audoin Consultants, which conducted research into the role identity and access management play in digital transformation.
4. Update existing infrastructure: cloud helps security meet agility
Digital transformation touches everything. The Internet of Things, which means that software sensors are connected to ‘things’ including machines, buildings and tools, are enabling these things to learn and adapt with human-like intelligence.
Many industries and companies are adopting this model to beat competition. But IoT means infinitely more data being stored, and more employees with access to sensitive information.
A solid IT infrastructure will determine the capacity to ensure that all this data, and these ‘things’ can be controlled and managed centrally.
Organisations may think that strong security measures through processes and systems mean they have to forefit agility. This is not true. With an intellgient cloud server you can be both agile and secure. The intelligent cloud is able to follow automated rules that reflect a company’s security policies. Setting regular storage updates and automatic security updates means there is less pressure on human capacity.
More than 80 percent of attacks target a known vulnerability that could have been prevented with an existing patch. Cloud computing enables the latest patches to be delivered to your IT system every day, or as soon as a new vulnerability is detected. Trusted cloud vendors offer the most up-to- date security, Microsoft for example is home to a 24-7 incidents response team, a digital crimes unit, and encrypts all data in transit between you and our data centres.
An organisation building their own secure data centre could spend up to US$1 million to set up, not to mention the amount of skilled staff that would be needed 24-7 to run it. With cloud, this is all taken care of by the vendor who can afford the best experts in the field, providing customers with a scalable, pay-as- you go model without the worry.
5. Play a role in educating the public
In addition to managing their own security, companies have a role to play in creating a more trusted internet environment for everyone. Ultimately a digitally competitive company needs digitally savvy consumers with a high level of trust in the digital world.
Companies have an opportunity to partner with the public sector to educate citizens on policies and legislation affecting cyber-crime, in addition to establishing security principles and commission studies to identify factors that increase online risks.
Companies should pledge to be transparent with customers’ data, and organisations should share threat intelligence. This is being done by banks, which have a high level of sharing with their competitors.
To learn more about a secure transition to the digital world visit the following:
Microsoft cybersecurity portal
By Sebuh Haileleul (The author is country manager for Microsoft in Zambia).
