Our site uses cookies to make it work and to help us give you the best possible user experience. By using our site, you agree to our use of cookies. To find out more about cookies and how you can disable them, please read our cookies statement. 

Cookie Settings

You can manage your cookie settings by turning cookies on and off.

Click on the different cookie  headings to find out more about the types of cookies we use on this site and to change your settings. Please be aware that if you choose to turn off  cookies, certain areas of our site may not work and your browsing experience may be impacted.

For further information on how we use cookies, please see our cookies statement. 

Strictly Necessary Cookies

(Req)

These cookies are essential for the technical operation of and proper functioning of our site  and enable you to register and login, to easily move around our site, and to access secure areas. Without these cookies our site won't function properly.  

These cookies are required

Performance Cookies

Performance cookies allow us to collect aggregated and anonymous data on how our site is used, such as the number of visitors to our site, how you navigate around and the time spent on our site and also to identify any errors in functionality. These cookies also help us to improve the way our site works by ensuring that you can find what you’re looking for easily, to better understand what you are interested in and to measure the effectiveness of the content of our site. 

Marketing Cookies

These cookies allow us to advertise our products to you and allow us to pass this information on to our trusted third parties so that they can advertise our products to you on our behalf. All information these cookies collect is aggregated and therefore anonymous. No personal information is shared to third parties. Any personal information collected while using our website could be used for direct marketing from Dimension Data only.

Balancing risk and innovation

Blog

There’s no question that digital is the way forward. It offers tremendous benefits to your business: faster speed to market, more business intelligence, improved customer relationships, productivity and efficiency – the list goes on. But as the pace of digital transformation quickens, it’s forcing a shift in how we think of and practice cybersecurity. It begs the question; how can cybersecurity enable innovation and move at the speed the business requires, while managing risk?

The fact of the matter is, it’s not if but when a cybersecurity attack will happen. We all know what a successful cyberattack can do to your business; the damage to brand reputation, trust, and profitability of the business can take years to recover from.  So, how do you lower the risk of a successful attack on your business, while supporting the business to innovate through the use and adoption of technology?

Your digital footprint is growing, whether you know about it or not  

It’s not easy to be innovative when you’re already dealing with so much risk. Your digital footprint is already growing, whether you know about it or not. Coupled with a global security skills shortage and limited budget, cybersecurity resources are being stretched, and are being asked to compete against an increasingly sophisticated and stealth cyber-adversary.

Moreover, a digital footprint is more than infrastructure you sanction to deploy (e.g. network, data centre). It’s the data that is shared between customers, suppliers and partners; it’s the BYOD policy implemented; its official and fake social media accounts, websites and applications that represent your employees and your business; and, key to this discussion, is the decentralised technologies business units deploy without checking with IT or security teams first.

Part of the challenge of being a security team that supports innovation, is being involved in the first place. Security professionals find themselves in this predicament for a number of reasons but fortunately, there are ways to fix this.

The changing role of cybersecurity

1. Building cybersecurity into your corporate and digital transformation strategies

The Digital Means Business Benchmarking Report showed that business leaders agree digital transformation is a key criterion for future business success. It’s surprising, then, knowing all that we know about the potential damage of a successful attack, that cybersecurity does not have a bigger presence in strategy. Afterall, it underpins one’s ability to realise the benefits and capitalise on the opportunities that transformation can bring.

In this regard, cybersecurity needs to be repositioned as the enabler of secure digital transformation and innovation, and an integral part of where your business is headed. This is more than simply stating ‘we’ll do A, B or C securely’. It sets the expectation to the rest of the business that you aim to be secure by design at the strategic level as the benefits of doing so are tangible and integral to your success. Moreover, it sends a message to the market that you’re investing in building a relationship based on trust with them.

2. Building a comprehensive risk-profile for the business

At a high-level, this requires your team to consider:

  1. What is our direction, goals and objectives as a business? Are we steady-state, in which case, fewer innovations are perhaps needed or are we truly trying to transform the way we do things, in which case there will be many changes across the business.
  2. What are our legal obligations? In other words, where can we make no exceptions and take zero cybersecurity risks – i.e. data and privacy regulations, ensuring we meet our compliance requirements.
  3. Where am I not willing to take risks? i.e. protecting your intellectual property.
  4. What types of risks are we willing to accept? i.e. bring-your-own-device or application, because the productivity and usability outweighs the potential known risks to our business.

Another area where you can lead change is in the development of a clear risk profile, which will help you to better understand which types of innovative activities you will prioritise and execute as a business. It will also serve to set the expectations on how to balance innovation and risk across the business.

Being willing to take risks does not mean you don’t provide a level of security. In fact, it often informs a nuanced requirement for security. Where traditionally, security might have said no to a BYOA strategy on the basis of security risks, there’s now room for further conversation around to what degree do we secure this? Or, how do we protect ourselves from the risk that it introduces?  This provides a starting point for additional cybersecurity investments for the business, where risk is being introduced.

Changing perceptions about security at a programme and business unit level

The next area has to do with perceptions of IT and security teams with those who deliver or implement the transformation initiatives.

Often, IT and Security teams are viewed as the “no” people and are seen to operate in a silo and not execute at the pace a business requires. This can result in them being excluded from the business’ initial decision-making processes around technology to use as well as the innovation ideation process.

For example, a manufacturing team might have had a great idea for an application that will improve operational efficiency by 15%. But, they need to move quickly to launch this service to maximise their window of competitive advantage and as a result, take the approach to build/ develop the application first and to secure it later. Not only does this approach add cybersecurity risk to the business, it is also likely to be costlier in terms of redevelopment, or to repair damages of a successful attack/exploitation of the apps vulnerabilities. It’s hard to protect the business from vulnerabilities you didn’t know you had.

However, a new field is emerging – SecDevOps (also known as DevSecOps and DevOpsSec) is the process of building cybersecurity into new tools, processes and applications and represents the benefits of being secure by design at the operational level of innovation.

Innovating within cybersecurity itself

Fortunately, there are also innovations happening within the cybersecurity industry that make a dynamic cybersecurity posture possible.

Cloud-based security, for instance, holds much the same benefits and appeal of other cloud-based services: flexibility, scalability, agility and cost, to name a few. As your footprint grows and shrinks, cloud-based security technologies can respond accordingly.

Additionally, there’s an increasing need for predictive threat intelligence. You can get cybersecurity right 99% of the time, but cybercriminals only need to exploit the 1% to do damage. Predictive threat intelligence offers you visibility into what cyberadversaries are planning to do next, in the context of your country, industry and unique digital footprint. With this layer of intelligence, you can take proactive measures to keep your business secure. Investing in predictive intelligence is one way to consolidate your cybersecurity investments and make a clear ROI demonstration.  

Summary

We know securing a digital business isn’t easy. It doesn’t pause for you to get up to speed, and it takes time to address the culture changes within the organisation. But it’s clear that innovation, risk and cybersecurity are not opposing concepts – they need to work together, and as your footprint expands and adversaries continue to plan attacks, you really can’t afford not to.

Previous Article: The two-way conversation you need to have with your CEO on cybersecurity Next Article: Performance management gets personal

You may be interested in

colourful graph
Blog

Do the flow-bot: applying machine learning to internet-scale security analytics

The analysis of network flows for security is not new and has been adopted in both network and security industries for more than a decade.

Read blog
Cityscape
Blog

The two-way conversation you need to have with your CEO on cybersecurity

With cyberattacks featuring regularly in mainstream news, it’s good to see that Boards and CEOs are becoming more cybersecurity conscious.

Read blog
Roads
Blog

SDN is redefining the data centre

To understand how the data centre is changing within the enterprise, it’s important to recognise that its essential functions are not changing.

Read blog
Robot hand
Blog

Behavioural analytics and artificial intelligence demand a relook at identity

The reignition of interest in and the acceleration of the capabilities of artificial intelligence (AI) are providing security professionals with an expanded toolbox.

Read blog