VIEWPOINT
THE CYBERSECURITY IMPLICATIONS OF DIGITAL TRANSFORMATION
EFFECTIVE CYBER DEFENSE IS A MIXTURE OF THE RIGHT PEOPLE, PROCESSES, AND TECHNOLOGIES. WHEN IT COMES TO CYBERSECURITY AND PARTICULARLY CYBER DEFENSE, IT IS SIMPLY NOT ENOUGH FOR AN ORGANIZATION TO BUY VARIOUS TECHNOLOGIES AND INSTALL THEM ON THEIR SYSTEMS, SAYS ABED SAMHURI, CYBER INSTITUTE LEAD AT AXON TECHNOLOGIES.
It is a fact that organisations that had adopted digital transformation in advance were able to cope with the remote working challenges during the pandemic. This has indeed pushed many organisations to start considering digital transformation seriously. However, if done with no security in mind, digital transformation can widen the organisation's attack surface and open the door to more security incidents.

One of the greatest challenges to securely implementing digital transformation is not having enough resources (budget and manpower). For this reason, our first recommendation is to outsource this aspect to a third-party cybersecurity firm. The following are three key tips to mitigate any security risks that arise from digital transformation:
CXO INSIGHT ME
DECEMBER 2021
• Cloud Security: given that a lot of technologies for digital transformation are cloud-based, it is crucial that you pay attention to this point. Cloud security starts with choosing the right cloud service provider – one that already has a strong security policy.
• Multi-Factor Authentication (MFA): it is not enough that you have strong passwords on various online accounts. You need to enable/enforce MFA to prevent account compromise, session hijacking, and other attacks.
• Enable Auditing and Logging: whenever you utilise a cloud-based service, be sure to enable logging of various actions (permissible or otherwise). In times of crisis, those logs are the first thing that will give you clues as to what is happening, why it is happening, and how to fix it.
Towards zero trust security

Zero-Trust Security is a principle in security architecture where “trust” is eliminated between interacting entities – such as a person accessing a system, an application accessing a network share, etc. In this approach, authentication and authorization are always enforced between entities, regardless of their network or location. No network is regarded as trusted in the sense that entities in it can interact without authentication. Thus, it is about eliminating trust.

The advantage of the zero-trust approach is self-evident. It reduces any chance of an attacker exploiting a trust relationship and gaining unauthorised access due to that trust. Attacks like spoofing, hijacking, privilege escalation, etc., are reduced tremendously in an infrastructure designed with the zero-trust principle.