How to secure your digital transformation projects after lockdown

Posted on August 28, 2020


Under lockdown, businesses have realised new efficiencies by quickly adopting cloud-based technologies to support remote working. As a result, the acceleration of digital transformation projects is showing no signs of slowing down when the restrictions are lifted.

According to NCC Group research among hundreds of cyber security decision makers, remote working, cloud and digital transformation projects are the top three initiatives that organisations are planning to adopt after lockdown. Businesses appear to be recognising that, to achieve greater reliance, bolt-on security is a losing strategy in the modern digital economy, and that adopting integrated, cloud-platform-grade security solutions offers efficiency and agility gains while reducing total cost of ownership.

But as the digital environment evolves and presents new opportunities for business leaders, so too does the threat landscape for hackers: NCC Group research respondents named the post-COVID-19 threat landscape as their biggest challenge after lockdown. Phishing and malware (48%), impersonation (41%) and fraud (40%) attacks have all increased in the last 12 months.

Whether you’ve already migrated to the cloud or are planning to take on new technologies, it’s crucial that you increase your resilience against these evolving threats: 64% of large businesses agree that they should have paid more attention to cyber risks when conducting digital transformation projects, and viewed them as an opportunity to improve their cyber security architecture, increasing their business’s digital resilience.

With that in mind, here are five actions you can take to help secure your digital transformation projects after lockdown.

  1. Understand your digital environment

Firstly, ensure that you have total clarity around your new digital environment and the baseline security controls that underpin it. For example, do you know where your key assets are and how their risk profiles will be affected by changes to your digital footprint? Are you still confident in your ability to detect, monitor and respond to dynamic threats in real time? If the answer to those questions is no, increase your understanding before progressing or taking on a new project.

  2. Conduct threat and risk profiling

By taking on new technologies to support remote working or other cloud-focused initiatives, you could be presenting new opportunities for hackers to infiltrate your organisation. Re-evaluate the threats to your environment and how these translate into risks to your business so that everyone from IT to the Board can understand their role in mitigating them.

  3. Create 30/60/90-day plans

Prioritise your project into realistic deadlines and ensure that you can scale up your people, processes and technologies at the same rate new solutions are being implemented. Start by confirming that your IT team has the skills and resources to cope with the new demands on your business. You should also check your licences and contractual agreements to ensure that you aren’t exposing yourself to threats by running new technologies alongside older systems with outdated security controls.

  4. Ask questions of your suppliers

During lockdown, many businesses took on new suppliers to help them overcome their remote working challenges. Now that the dust has settled, it’s important to ask questions about your suppliers’ resilience and confirm that they can meet your short, medium and long-term cyber security expectations. It is no longer good enough to think only about 3rd parties: the digital attack surface goes deeper, into 4th and 5th party relationships. Are you challenging the cyber security resilience of your 3rd parties’ own suppliers?

For example, if one of your Software as a Service (SaaS) providers is still operating without multi-factor authentication, challenge them about it. If they can’t explain why they haven’t upgraded their security controls and what they plan to do about it, you should seriously consider using an alternative.

  5. Create a long-term roadmap

The cloud and digital environments are always evolving. We are now living in an ‘Evergreen’ Digital Economy, so it’s vital to build long-term resilience by creating a culture of change that will drive value beyond completion of your transformation projects. This should include regular strategic and security rationalisation reviews, ongoing education about changes to your environment, and updates to your business continuity and disaster recovery plans. It should also include adaptive threat management, detection and response capabilities that support the changing flavours of your business’s risk appetite. Look beyond doing it all yourself: focus on what you do best and look for strategic partners to support you for the rest.

Do you want to balance digital transformation with long-term resilience?

This article outlines the first steps towards a resilient digital transformation journey and towards ensuring that the investments these change programmes involve return full value to the business.

This puts cyber security at the heart of a modern business operating model. If organisations do not have this built in at a cultural DNA level, they can regard themselves as still being in beta.

To put it another way, it is as fundamental a decision to apply cyber security in every aspect of the digital economy as it is to decide to cast off a buoyancy aid and swim if you intend to live on the water.