When Covid hit, companies had to accelerate their digital transformation process out of necessity. But now, almost three years after the initial shutdown, most organizations have embraced digital to the point where they are now maintaining new technologies rather than implementing more.
Cybersecurity is a crucial component of a company’s digital transformation. But have organizations stalled out on adopting new cybersecurity innovations, or is security a totally separate entity? What happens now?
The end of the digital transformation
It’s safe to say that in January 2020, most organizations were making the digital transformation gradually. Going fully digital involves transitioning more tasks to computer-based technologies like cloud and mobile, and changing corporate culture and business processes. The project requires methodical planning and organizations must complete it in stages, spelling out strategies and budgets. In this way, organizations and their employees could adjust to new technologies and procedures over time.
In March 2020, everything changed. If your organization wasn’t accelerating its digital transformation process, it was falling behind — if it could survive at all. A report from Celerity found that 63% of organizations began or hastened their digital transformation sooner than planned because of Covid-19, and 49% said that digital transformation was not a strategic priority before the pandemic but quickly became one.
“In short,” the report said, “leaders were enthusiastic about investing in tech at the start of the pandemic, largely because it was the only way to preserve business continuity while ensuring employee safety.”
That was three years ago. As we moved into 2023, J.R. Cunningham, a chief security officer with Nuspire, predicted that this year, we can safely say the digital transformation is done.
“We are digital,” Cunningham said in a webinar. “The transformation is not some up-and-coming future thing. It happened.”
Cybersecurity and the digital transformation
The digital transformation brought new levels of attention to cybersecurity. According to a 2020 Ponemon Institute study, the digital transformation increased cyber risk, especially since those within the organization tasked with cybersecurity — only 24% of CISOs had a prominent role — weren’t actively involved with the process.
Third parties, such as cloud vendors, play a huge role in digital transformation, contributing to increased cyber risk. However, people weren’t ready. Some 58% of respondents said they did not have a cyber risk management program, and 63% said they couldn’t ensure a secure cloud environment. This reliance on third-party vendors with poor security results in cyber incidents. In fact, 55% of the Ponemon study respondents admitted that a security failure with a third party resulted in a post-digital transformation breach.
Remember, the Ponemon study took place during the height of the digital transformation push, when everything was in flux. Organizations embracing new technologies didn’t totally ignore cybersecurity, but they left weak spots to be exploited, both internally and externally.
The rethinking of cybersecurity within the digital transformation process did eventually happen. Leadership began to realize that adding new technologies required restructuring employee security awareness training programs and that remote work required organizations to revamp their cybersecurity strategy. They onboarded cybersecurity tools, in part because of the chaos and in part because of the disparate workforce. But due to the urgent timeframe, many organizations used these tools straight out of the box without customization.
Cybersecurity in a post-digital transformation world
If we have truly moved to a post-digital-transformation environment, as J.R. Cunningham predicted, this could be a positive moment for cybersecurity. In fact, we could be witnessing a cybersecurity transformation period.
In the “before” times, a well-executed digital transformation was planned based on business goals and growth. During the pandemic rush, the main objective was to keep the enterprise up and running. This meant that technology moves were based on current business needs rather than planning for long-term success. If the transformation happened, organizations should now be in a maintenance rather than an implementation pattern.
After the pandemic’s changes, leadership can start building a cybersecurity program that meshes with business operations and goals. During the transformation, the security team should have someone designated to do a deep dive into each digital endpoint to identify potential risks. Post-transformation, with these endpoints already known, organizations can build security around the actual technology in place and as it expands.
With the baseline of the technology already in place, security teams can evaluate relationships with third-party vendors and take a deep dive into the cybersecurity of the supply chain.
Look at the risks circling around APIs, for example. APIs are a vital part of the digital transformation, the backbone of mobile and web applications. A single vulnerability in an API could lead to catastrophic events for a company. The problem is discovering exactly where that vulnerability lies. Most organizations don’t have an inventory of all the APIs used across their applications and devices. They certainly don’t have visibility into APIs across the supply chain. Shifting the budgets and hours once reserved for the digital transformation to instead focus on re-evaluating the supply chain and vendors’ security practices could better identify and decrease potential risks.
The future is digital
The digital transformation has changed the way organizations work. Organizations will continue to build on the technologies they’ve introduced into their business operations, and they will shift their objectives to better adapt digital assets to work culture and hybrid situations.
But the hardest part is over. The pandemic forced everyone to jump ahead two, three or five years in their strategic planning and processing stages. Cloud, mobile, web — the baseline is now in place. Now we have to ensure that our cybersecurity platforms stay one step ahead of the new era of digital maintenance.