If your organization wasn't already focused on digital transformation, the pandemic probably forced you to move into that realm.
Sandy Silk, Director of Information Security Education and Consulting at Harvard University, appeared on our series of SecureWorld Remote Sessions to explain what a rapid shift this is.
What used to be a strategy or a compilation of suggestions is now the new reality amid COVID-19, and many companies are playing catch-up.
The basic goal is "using technology and data to provide more value," Silk explains.
She adds that ideas around digital transformation (Dx) used to focus on the customer or consumer experience, but now more than ever, digital transformation is also employee focused with the massive move to remote work.
Cybersecurity must help securely enable this shift.
Digital transformation: company culture and data
Company processes certainly changed during the pandemic. Popping our heads over the office cubicle to ask a colleague a question was replaced with FaceTime or Zoom. Silk stresses the importance of company culture to remain the same.
"The decisions that people will make, whether they think someone is watching them or not, is the cultural norm. No one is watching you working remotely, so the culture is going to really define what people are doing," Silk explains.
We are all witness to the exponential increase in data available because of the push to online purchases amid shelter in place policies. Even if we are simply getting a coffee, that purchase is most likely made using a digital wallet, or Starbucks app, etc. To-go orders have skyrocketed, making sites like Grubhub and Uber Eats ever more popular.
Silk points out there's a lot of new data being exchanged, and a lot of opportunity for mining that data to enable digital transformation. It's likely your industry, regardless of vertical, has more data to work with than ever before.
However, Silk also wants you to think about the line your organization won't cross. Is there data available you refused to collect because of the risk to your company's brand or reputation?
"That line is a cultural issue that should persist no matter where your employees are working from," Silk said.
Digital transformation: communicating about risk
As your company transforms, how are you evaluating and talking about risk?
Silk believes one of the biggest communication hurdles organizations face is the ability to discuss risk.
It can be difficult for every part of a company to understand and evaluate risk factors in a mutual way, so Silk recommends focusing on convenience.
- Is it easy to talk to the cybersecurity team at your organization? Perhaps you need to consider new tools for communicating, or an automated structure.
- Does your organization have enough documentation to provide details so you can ask the right questions?
- Do you have a matrix to follow and see who is responsible for everything everywhere?
Digital transformation: watch for cybersecurity burnout
Organizations must securely enable digital transformation. However, this has its limits.
"Just as we have 'howmuchtoiletpaper.com,' we really need to think about 'howmuchinfosecresource.com' do I have, and how much can I use at one time."
Silk warns that too many ongoing projects can provide opportunities for attackers. Focusing on the greatest vulnerabilities can help:
"Stop trying to improve security posture uniformly across the enterprise. Never-complete projects are contributing to our attackers' success and our own burnout. Focus on building appropriate controls for the worst vulnerabilities in the business's most critical areas."
Additionally, Silk points out, employee error is typically the highest pain point a company experiences, and there are many more opportunities for mistakes with the move to remote work.
"You can't work for more than 8-10 hours and you need breaks, otherwise people are going to have bad judgement from exhaustion. They’re going to get burnt out, they're going to be sick because they are exhausted, maybe not with coronavirus, but with just exhaustion."
Digital transformation: 5 tools for IT and cybersecurity
To help address the digital transformation challenges already discussed, Silk suggests looking to these IT and IT security tools:
- Standardize and automate repeatable processes
- Provide self-service
- Fast-track preferred paths
- Leverage scripting to parse through data
- Fine tune alerts for events that warrant investigation
She unpacks this in greater detail during the Remote Sessions episode.
We highly suggest you take a few minutes to watch, as Sandy Silk shares her experience with digital transformation and provides excellent interactive examples on how to correctly frame risks to colleagues, how to detect issues, in-depth ideas on cost savings, and more.
Thank you, Sandy, for helping serve in SecureWorld's mission of connecting, informing, and developing leaders in cybersecurity.