'Security the largest hurdle for implementing DX'
'Security the largest hurdle for implementing DX'
A significant percentage (85%) of Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) say digital transformation (DX) is having a large impact on their businesses and is the biggest challenge to implementation – with specific reference to what are considered areas of quick adoption including IOT, AI and machine learning.
This is according to the global 2018 Security Implications of Digital Transformation Survey run by cybersecurity firm Fortinet.
According to the survey, a large majority of organisations have already begun their digital transformation process, with 67% of respondents stating that their organisations started implementing DX more than a year ago, and 95% saying that they are at least trialling a solution today.
This means an increase in the risk of cyber-attacks, says Fortinet.
"The proliferation of endpoints, increasingly distributed networks, and the exponentially increasing volumes of data and network traffic are all sources of concern for IT security teams and IT departments. CISOs and CSOs certainly agree: 85 percent cite security as the largest hurdle for implementing DX," it states.
Programmatic approach
The survey also found that CISOs and CSOs are especially concerned about the rise of polymorphic attacks (85%) and vulnerabilities in DevOps (81%).
"The digital transformation or DX wave appears to be sweeping away everything that stands before it, and cybersecurity worries have emerged as a significant obstacle to the transformation process," says Doros Hadjizenonos, regional sales director at Fortinet in South Africa.
"Currently, four areas stand out as particularly acute cybersecurity pain points for organisations adopting a DX approach: cloud computing, with a particular focus on multi-cloud environments; IOT; a burgeoning threat landscape; and rising regulatory pressure. It is crucial to understand that while organisations are turning to DX to achieve growth as well as other key business objectives, DX processes also require an equivalent security transformation with the integration of security into all areas of digital technology. This results in fundamental changes to how security is architected, deployed, and operated, highlighting why organisations need a programmatic approach to DX and security transformation, one where they are tied in lockstep with each other," he adds.
"African countries are typically high on the attack radar, so security is just as crucial for local organisations. The risk profile is growing with the addition of more and more mobile devices, IOT devices, IP cameras and other connected devices."
Fortinet believes the threat landscape today warrants a balance in focus on both business and security requirements.
"Largely organisations have tended to downplay the need/role of a comprehensive security strategy, especially in those organisations which have not yet been hacked or are not aware that they have been hacked. Having the importance of security understood by the executive suite has always been one of their on-going challenges," says Hadjizenonos.
According to Fortinet, based on its Threat Landscape Report, CISOs are warned of the rise of destructive and design attacks.
The company says cyber criminals are spending more time personalising their attacks to cater to specific attributes of their targets and offloading destructive payloads.
"While the number of exploit detections per firm dropped, the number of unique exploits grew 11%, with 73% of organisations reporting a severe exploit during the quarter," it says.
Hadjizenonos adds, "What all of these mean is that attacks are shifting from incidental, that is throw enough phishing emails at enough targets and eventually you'll get in somewhere attacks, to specific and targeted attacks using third party tools that are widely available to them. In the same way that organisations take advantage of Software as a Service (SaaS), hackers are taking advantage of 'Hacking Tools as a Service'. The ready availability of such tools increases the capabilities of the average hacker exponentially."
Fortinet believes it is imperative for organisations to adopt a 'security by design, security by default' mentality.
"This means identifying, acknowledging and responding to the security challenges of these technologies before deployment. In other words, follow a 'ready, aim, fire' methodology rather than "ready, fire, aim."