From speeding up innovation to understanding customers better, digital transformation has emerged as the primary driver of corporate evolution. IDC estimates that worldwide spending on digital transformation will be nearly $2 trillion by 2022 up from ‘just’ over $1 trillion this year.
It is seldom a smooth undertaking though. Reaping business benefits requires fundamental changes to an organisation’s culture, business processes, and the very technologies that underpin it. While digital technologies can provide amazing levers of growth, they also help widen the threat landscape.
“In fact, anxiety surrounding not only spiralling costs (43%) but crucially also security (40%) and privacy (37%) are the key adoption barriers for business decision makers when it comes to innovations such as AI and IoT, according to the Cycle of Progress survey by Tata Communications.”
Even as Indian enterprises have been consumed by putting up an additional cyber-defences, attackers and threat vectors are evolving rapidly as well. For example, as organisations rapidly adopt cloud delivery models, software-defined networking, IoT, analytics, blockchain and open APIs, they concurrently require a more systematic and proactive approach to addressing security threats and managing compliance requirements.
Indian organisations have also been guarding their information assets through a myriad of point solutions, which are clearly inadequate since threat vectors have evolved to take advantage of the legacy security solutions in place. The degree of difficulty rises when business units begin consuming technology, like cloud services, without any IT intervention — the IT team will have little visibility into systems that do not show up on its radar.
For most organisations, security is neither seen as a revenue generator nor as a business enabler. A direct consequence is that business processes and the IT that enable them, mature faster, and thus their security cover is in a perpetual scramble to catch up. As a result, for most technology initiatives, security is often the last thing to get bolted on.
A rash of incidents over the past few weeks helps illustrate this:
March 1: Over 2 million identity records on government officials and politicians from every country in the world leaked from a Dow Jones watch-list
March 21: Facebook admits that it has not properly secured the passwords of as many as 600 million users
April 15: IT outsourcing giant Wipro begins investigating reports that its IT systems are being used to launch attacks against some of its customers
Malware; hackers; botnets — over the past months, the media has focused on the surge in security incidents that have had an adverse legal, financial and reputational impact on Indian enterprises.
“Despite this growth in awareness, IDC estimates that 93 per cent of Indian organisations have just basic cyber-security protection in place.”
So, on one hand, enterprises realise that they need to harden their resilience to threats, and on the other, they need to do so facing the realities of user expectations, shorter business cycles, legacy environments, managing multiple technology providers and internal skills gaps.
The security conversation within organisations clearly needs to change. It’s rather unfortunate that fear has been the traditional basis of accessing security investments. It also, possibly, reflects a legacy mindset at work in organisations. Today’s threats and tomorrows challenges can’t be dealt with by brandishing fear, they need a risk-mitigation approach to get business buy-in. IDC has also identified the acute shortage of cyber-security professionals and ineffective security sourcing among the top 4 vulnerabilities of Indian enterprises on their digital journeys.
To emerge from chaos to order will require leveraging intelligence, technology and talent in equal measure to devise appropriate yet agile response mechanisms.
From skilling to keeping pace with threat vectors by using emerging technologies such as machine learning, and analytics to even enhancing resilience, is a challenging journey for an organisation to undertake on its own. As the velocity, variance and sophistication of cyber-security attacks intensifies, organisations need to partner with specialist security service providers with demonstrable capability for innovation and the use of emerging technologies.
The goal should be to not only reduce the probability of an attack but also to switch the focus to risk-mitigation and quick remediation. Making the CEO and the Board aware of the many fast-evolving threats by highlighting the invaluable role of security controls in minimising business risk is part of the process. A shared ownership of risk with business stakeholders and forging the right technology partnerships will enable organisations to unlock the full potential of the latest digital technologies — and pave the way for total business transformation.
“To ensure the cyber-security readiness of Indian industry, the CII-Tata Communications Centre for Digital Transformation is launching various initiatives like the International Conference on Cyber-Security as well as Cyber Security Training-cum-Certification Program for both security professionals and those interested in a career in this field.”
Find out more about Tata Communications’ truly integrated security suite for the digital enterprise.