Digital transformation and cloud computing have improved productivity and changed the way the world works. Companies are moving their applications and data to the cloud for many reasons such as efficiencies, flexibility, agility. This revolutionary change has also shifted the location of risk from central infrastructure to endpoint devices. While digital transformation has brought new opportunities, it also requires a new way of thinking about risk.
Goodbye Legacy Architecture
The digital transformation is enabled in part by the separation of software and hardware. Virtualization and cloud computing has allowed for the abstraction of computer resources, providing scalability and efficiency. Legacy architecture doesn’t matter in the cloud — everything is virtualized. This new environment requires new security thinking, yet many companies still have a legacy mindset when it comes to security.
New Environments Call for New Security Practices
In the shift to the cloud and digital transformation, it’s easy to overlook security. However, research shows that cyber risks increase as companies transform. According to the results of the The Cybersecurity Imperative benchmarking study, companies that do not update their cybersecurity practices as they shift toward digital transformation are likely to lose $1 million or more in cyberattacks.
Security Practices From the Past
IT leaders need to shift their focus from a reactive mode to a proactive mode: one that anticipates and prevents risk. Hackers are very proactive and they work hard to find likely targets. They look for your security gaps and tools to use in exploiting them. It is estimated that every company will fall victim to a phishing scam. It’s not a matter of if, rather than when. If you want to keep up with them, you’ll need to take an active approach to security.
Security in the age of digital transformation requires you to think like a hacker. A hacker looks for vulnerabilities to exploit. Hackers spend time on government and security sites, reading warnings and looking for known vulnerabilities. To keep your data secure, you need to take a proactive approach and find your gaps, just like a hacker would.
Think Like a Hacker
Here are some pointers on how to think like a hacker:
- Assume your network infrastructure can be compromised.
- Look for the most vulnerable targets in your company. (Hint: anyone who opens files sent from third parties on a regular basis.)
- Search for new vulnerabilities and gaps.
There are some powerful tools available to protect data in transit and at rest in the cloud. With SaaS security solutions, you can do a lot to monitor and secure your data. But tools alone will not keep your data secure. People are a vulnerability and a target for hackers. Most breaches are the result of human error, such as clicking on a phishing email or opening a corrupted file.
A number of companies offer cybersecurity awareness training for employees in the form of online training modules, one-to-one sessions, video, on-line, etc.
According to cybersecurity experts SecureWorks, best practice steps to train employees include:
- Comply with all local and federal laws and regulations
- Get everyone on board — the entire organization
- Establish a required baseline of assessment
- Create a system of clear communication about the program
- Make the training intriguing and at least a bit entertaining
- Enforce, review and repeat. No “set it and forget it” or “one and done”
- Create a culture of reinforcement and motivation for constant vigilance and learning
How to Keep Your Data Secure
Digital transformation has unlocked not only new possibilities but also new vulnerabilities. Keeping data secure in the cloud takes a proactive approach. As the landscape changes, so do your vulnerabilities and gaps. Use the best security tools you can acquire and raise security awareness in your organization with security training.
Download a recent presentation on cybersecurity by cyber defense expert Gary Miliefsky and learn how you can safeguard your company’s data.