Consider the security risk, urges Simeon Tassev, MD and QSA of Galix.
The emergence of the digital world has caused a number of organisations to shift from analogue to digitised environments.
Among the many complexities and challenges this transition gives rise to, new security considerations have also materialised. Businesses need to re-evaluate their security systems, processes and policies to align them with their digital transformation strategies.
New technologies mean new risks and new measures that need to be undertaken.
Despite technological advances over the years, cyber — security has typically been considered an “add-on”. Though something to be factored in, however, usually as a follow-on to whatever technology has been implemented within the business. In a similar vein to insurance, security has been something that businesses ‘have’ to do.
Also, the value of IT security has usually only been seen once something happens to compromise security.
Anti-viruses, for example, have been big business for the past decade or more, sold as add-ons to protect user machines and systems from viruses, malware and other cyber-threats. Businesses are on a technological learning curve, applying security solutions as and when needed, to meet the new risks that each implemented technology introduces. However, this is changing.
A digitised world
Today’s security solutions, are implemented in conjunction with technology and often included in the solution design phase, and sold as part of the solution itself. There are several practical reasons for this.
As technology has evolved, so, too, have IT security threats. Recent waves of advanced malware breakouts, such as Ransomware, clearly highlight the increased intelligence behind Cyber-crime. The impact of these breakouts has been catastrophic for many businesses across the globe. Organisations have been left reeling as their — and, more critically, their customers’ — data has been compromised and even lost entirely.
The networks, systems and solutions of the digital, connected world, also increases the complexity of business IT environments. Advents such as the Cloud, Bring-Your-Own-Device (BYOD), the Internet of Things (IoT) and applications based systems mean there are more potential entry points, or targets, for industrious Cyber-criminals than previously known. The more devices within a network, the more risk there is.
This new landscape of connectedness has opened up doors for other types of Cyber-criminals, too. More than just a calling card, Cyber-criminals are capitalising on the increasing value of data. Opportunities also exist for the more nefarious cyber-criminals, whose inspiration is political and whose intention is complete, terrorism-driven destruction of data and property. Security threats are on the rise, and security has shifted to become the main focus in technology deployments.
The security risks of digitalisation
Many industries, such as the financial and insurance sectors for example, have been paper-based up until quite recently. There is a large move towards converting hard copies of contract, customer data and more, to electronic format. This data needs to be stored somewhere. More importantly, it needs to be stored somewhere secure and yet, accessible. Thus, the rise of automated file, storage and backup systems.
With this new(ish) trend, the level of automation that has been enabled has led to a decrease in human intervention and less of a need for physical checks and balances. Data is collected from so many sources today, too. Connected devices, sensors, mobile applications, ERP systems and even physical security systems — all contribute to the vast influx of data that organisations are finding themselves on the receiving end of.
Businesses are reliant upon tools such as artificial intelligence (AI) and analytics to effectively process their data, attribute value to it and mine the benefits. Security systems in place behind these technologies all aid in maximising this value and retaining it for the business and its customers.
There is the added complexity of device and data ownership. Take for example mobile credit card readers — this data is owned by the financial institution, however the device on which it is generated in typically owned by the individual or business who is processing the payment. Security measures need to be incorporated into the application in these cases, and financial institutions cannot rely upon the users to have the required security measures in place on the mobile device.
The flood of data and the proliferation of connected devices makes it far easier for threats to enter a business’s systems undetected and wreak havoc upon the data contained within. It is critical for organisations to prioritise the security of both their and their customers’ data.
Pressure is also added in the form of compliancy, and legislations such as the Protection of Personal Information (PoPI) act have compounded the need for streamlined, automated data storage systems with built in security functionality. Data protection has become top-of-mind for every organisation on the digital journey.
Data security for digital growth
There is a lot of value to be found in ensuring that security is built into a business’s data storage, analysis and management solution(s). Knowing that a business’s data, and that of their customers, is protected by world class security systems that are constantly updated and refreshed, frees up the business to focus on its core competencies. This peace of mind also enables the business to innovate freely, without need for an in-house purpose-built security team to complete this function.
Ensuring security is part of an organisation’s digital strategy from the outset means that it can factor in potential threats and risks as solutions are rolled out. In turn, this allows the organisation to go ahead with implementing new technologies for the betterment of their business without having to be too concerned about security gaps later on. All businesses have a level of risk acceptance; however, this risk is severely mitigated when security forms part of the process and is not added as an afterthought.