By Brian de Lemos, RSA
A recent research study indicates 74 percent of business leaders see digital transformation as a priority. This is great news. We’ve seen the positive benefits of adopting modern technologies, such as AI, IoT, blockchain, and cloud.
Unfortunately, we’ve also seen what happens when these new technologies aren’t managed properly: costly breaches or security incidents impacting reputation, trust, and the bottom line. It’s critical to understand the factors that may introduce digital risk—the unwanted or unexpected outcomes of adopting digital technology—along with adoption.
What are the eight common types of digital risk?
Whether you seek operational efficiencies, improved customer service, or a modern business model, beware of these eight common types of digital risk spawned from digital transformation initiatives:
1. Cyber: A growing number of devices, paired with more sophisticated threat actors, means the risk of a cyber attack is greater than ever.
2. Workforce: The distributed workforce and gig economy may create operational efficiency, but it comes with new identity governance and threat-monitoring challenges.
3. Cloud: Although not new, the risks associated with moving or deploying systems to cloud architecture continue to grow.
4. Compliance: New government-led regulations present risk challenges that expand beyond the domain of governance, risk, and compliance teams.
5. Third-party: External vendors are needed to help augment resources, but if left unchecked, their vulnerabilities (and their third-party vulnerabilities) could become your risks.
6. Process automation: Disrupting manual processes creates new and often unforeseen risk challenges that could gravely impact a business and/or society.
7. Resiliency: Responding to a security or risk incident is inevitable, but without the right recovery strategy, an organization may never be the same.
8. Data privacy: Scrutiny and regulation around personal information are growing and, if not managed properly, could tarnish a brand’s trust, reputation, and bottom line.
These risk challenges are not unique to any one industry. From healthcare to financial services, businesses are in search of answers for how to best address digital risk. What I hear from customers is the need for a consistent framework to assess their business risks. Additionally, security leaders want to buck the stereotype that they are “business inhibitors” and instead be seen as facilitators of their company’s journey through vast disruption and change.
What are the three critical factors for approaching these challenges with security as a business enabler?
This shift in perception requires looking at security as a business enabler and approaching these challenges with a digital risk management strategy that relies on three critical factors:
1. Visibility: Line of sight to how information is being handled (and by whom) within the context of business criticality
2. Insights: Access to an array of contextual factors that can give leaders a better understanding of potential outcomes
3. Action: The ability to respond in a timely and effective manner
Before digital transformation became a workplace buzzword, risk management teams often operated in silos, focused on their sliver of the business. The same was true for IT security teams hidden in dark corners of the building. Facing the reality that digital transformation presents risk challenges, these teams must now work together and be present at the highest levels of the business.
To do so, visibility, insights, and action must be employed across three critical domains:
1. Security Operations: The team keeping the “bad guys” out of your organization and away from your critical assets
2. Risk Management: The function keeping the organization in regulatory and legal compliance, while helping manage other areas of business risk like third-party relationships, IT risk and operational risk.
3. User Access: The function that allows employees, partners, suppliers, and customers to gain frictionless, secure access to the information they need
These domains hold the key for successful digital risk management. In protecting your critical assets, the security operations teams monitor the boundless perimeter—detecting and responding to threats. Integrating processes with information from security operations and other teams creates a robust risk management engine capable of processing and cataloging an array of threats across the organization. In the case of user access, it means being able to investigate a root cause at the point of a single identity and challenging potentially risky users with a step-up authentication to ensure the users are who they say they are. These domains ultimately facilitate a faster, more coordinated and secure cadence—a needed dimension for the modern enterprise struggling to mitigate new and complex risk challenges.
We are currently witnessing an eruption of changes—driven by rapid tech innovation—that is giving way to expansive risks displayed in a variety of ways. The surest way to thrive in the age of digital transformation is not to cling to the past or go fearlessly into the future, but rather involve security and risk leaders that enable a business for long-term success.