Quote from sachinm on 2 October 2023, 1:26 pm
Identify Industry Specific Challenges relevant to the Cyber SIG to be included in the Practice Guide.
Set the challenge, for other SIG members to identify potential solutions, by pooling their collective experience and knowledge.
Press "reply" to share your story...
Quote from sachinm on 6 October 2023, 9:11 pm
As an idea to get the ball rolling here, SIG members can consider the complexity challenges and risks that come in the rush towards digitisation, and adoption of new AI technologies...
What are those challenges? How can risk management overcome digital transformation security challenges?
1. A Wider Attack Surface
Companies are now looking for ways to digitise almost every aspect of their operations, rather than discrete elements. These new technologies include:
- Artificial intelligence (AI) technology
- Cloud services
- Big data analytics
- Internet of Things (IoT) devices
However, as these tools help to automate operations, they also give hackers more scope to penetrate organisational boundaries.
2. Increased Reliance on Third-Party Suppliers
As organisations adopt new tools and technologies, they become increasingly reliant on the third-party suppliers that provide them, such as cloud vendors or SaaS providers. If those vendors have an existing security threat, that vulnerability gets passed down to the organisation. The same applies if the 3rd Party Suppliers suffer a breach. So, the challenge is to manage 3rd Party risks with the Extended Enterprise.
3. Pressure to Quickly Implement Collaboration Tools
With digital tools, companies have new ways to communicate with colleagues and share data with customers. This includes online collaboration tools that are convenient, yet not always secure.
Not only are these tools difficult to manage, but they also increase the likelihood of a breach. It’s easy to misuse these platforms and accidentally expose your company’s confidential or sensitive information.
Though there are cybersecurity programs available to help companies protect their data, they aren’t always used. This is because many projects are rushed, and many have insufficient security budgets.
4. Lack of Funds
As mentioned, security budgets are often thin in a digital transformation. Most of the funding goes toward the new system being implemented, which leaves little wiggle room for other expenses.
For companies to maintain their data integrity in an increasingly high-tech world, that mindset must shift. Executives and stakeholders should know the risks they’re incurring by minimizing their security budget. It’s important to educate them by explaining the cybersecurity risks that the new systems could introduce and the steps required to mitigate them.
5. Employee Lack of Understanding
For data security programs to work, all employees must understand their importance, as well as how to use them. However, companies do not invest in training new employees on cyber and GDPR risks, and then again on refresher training. So, organisations' workforces often fail to understand the steps they must take to stay secure. Examples of key topics to cover include:
- How to stay safe in the cloud
- How to use security controls effectively
- How to recognise the signs of a cyber attack
6. Distributed Workforce
Today, companies have a more widely distributed workforce than ever before. With less importance placed on in-person meetings, employees have the freedom to work from almost anywhere on the globe, as long as they have internet connectivity.
By nature, this makes a company more vulnerable. There are a greater number of connected devices and more points of entry. This is catalyzing the shift toward cloud-centric implementations, as well as more advanced security approaches.
7. Strategic Planning
Security should be top of mind in any digital transformation; however, some companies address security issues as they go. Unless there’s a clear-cut plan in place, it can be difficult to identify current pain points and opportunities.