The total number of internet users is expected to reach 5,3-billion by 2023 and the total number of devices and connections per person is anticipated to reach 3,6 globally by the same year, according to Statista.
IoT Analytics’ State of IoT Spring 2022 report found that the number of internet of things (IoT) connections grew by 8% from 2021 to 2022 with the market expected to reach 14,4-billion active connections by the end of this year.
These numbers reflect growing investment into digital innovation, digital transformation, the intricate complexities and connections of the metaverse, and rapidly evolving and mercurial blockchain developments.
Now, it’s time to stir the cybersecurity statistics into the mix. The Ponemon Digital Transformation and Cyber Risk Study 2020 found that 82% of IT security and C-suite executives had a data breach when they implemented new technologies, and in 2022 the numbers aren’t much kinder.
A new Ponemon Institute Study has found that 60% of leaders aren’t confident that they can secure their cloud environments while 62% don’t think that their traditional solutions can mitigate the threats. This is further complicated by the sophistication of the attacks and the cost of these attacks when they are successful – as IBM found, data breaches now cost around $4,24-million per incident.
“No one incident has ever impacted digital transformation (DX) or digital innovation (DI) as much as the pandemic,” says Stephen Osler, co-founder and business development director at Nclose. “Every business under the sun with any employees who used the internet implemented one or both of these elements over the past three years.
“What this has done, however, is fast-tracked the security challenge in the organisation. Companies that had analogue platforms have now brought legacy security problems right into the foreground with their digital solutions so they are now wrestling with digital as they would a live tiger intent on eating their data for breakfast.”
Often, companies that have leapt into these digital waters think that their presence is, to keep the analogy going, only ankle-deep. They’re dipping their toes, experimenting with solutions, finding their strategic direction. The reality, however, is that they are already waist deep in digital with toe-deep configurations which means that their systems and access points and security platforms are not aligned with their digital presence and risk parameters.
“When many companies made the move to DX or DI, they often inadvertently increased their attack surface because many systems that were previously not on the internet are now being introduced to the network,” says Osler. “Also, many had to make this move fast, so they’re still refining the ultimate goals they want to achieve with their DI or DX initiatives which means that they’re still working out how cybersecurity fits in and what its role has to be. The result is that they have gaps in their security infrastructure that they may not even be aware of.”
So what is the business supposed to do? Stop digital innovation and digital transformation initiatives in their tracks and revert to pens, paper and smoke signals? No. The answer lies in finding the opportunity that sits within this transformation and innovation and to use these gaps in security and infrastructure as stepping stones towards a more secure and scalable organisation. In investing into approaches, technologies and solutions that are designed to address the holes in security in sustainable and relevant ways.
“Solving the problem asks that the CISO and the CIO are in tune with one another so they understand the end result of DI projects and how cybersecurity can facilitate them,” says Osler. “One way is to implement DevSecOps within the company and embrace agile methodologies that allow for the company to develop toolsets and capabilities that put the business on a solid security foundation. Another is to look at all the different security toolsets and methodologies available and create a smart solution that leverages the right ones in the right spaces.”
Cybersecurity is not as flexible and agile as DI or DX solutions; it can’t be because it’s rigorous for a purpose. However, by embracing security by design and by intent, companies can create approaches that are in tune with DX and DI strategies, that fill the gaps and protect the touchpoints, without compromising on growth, agility and, of course, security.