Security is biggest hurdle to effective digital transformation
Fortinet study shows 85% of C-level security professionals say security is risk to DX
Cyber security risks are the biggest challenge to digital transformation, according to a new survey from Fortinet.
The 2018 Security Implications of Digital Transformation Survey found that 85% of Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) believe that security is the biggest hurdle to properly implementing DX.
The independent report surveyed over 300 CISOs and CSOs at 2,500+ employee organisations around the world, and found that 67% have already embarked on digital transformation, while 95% are at least trialling some sort of DX solutions.
Digital transformation can increase the risk of cyber-attacks, through factors such as the proliferation of endpoints, increasingly distributed networks, and exponentially increasing volumes of data and network traffic.
Among survey respondents, 25% estimated that their network infrastructure is not properly protected against security threats, in part due to factors such as expanding attack surfaces, growth in the volume and sophistication of threats and lack of skills.
Twenty percent of respondents had suffered 20 cyber-attack related intrusions in the past 24 months, with four of these resulting in outages, data loss, or compliance events.
"The digital transformation or DX wave appears to be sweeping away everything that stands before it, and cybersecurity worries have emerged as a significant obstacle to the transformation process," said Alain Penel, Regional Vice President- Middle East, Fortinet.
"Currently, four areas stand out as particularly acute cybersecurity pain points for organisations adopting a DX approach: cloud computing, with a particular focus on multi-cloud environments; IoT; a burgeoning threat landscape; and rising regulatory pressure. It is crucial to understand that while organisations are turning to DX to achieve growth as well as other key business objectives, DX processes also require an equivalent security transformation with the integration of security into all areas of digital technology. This results in fundamental changes to how security is architected, deployed, and operated, highlighting why organisations need a programmatic approach to DX and security transformation, one where they are tied in lockstep with each other."
The survey also found that there were a number of effective behaviours shown by the organisations that had not suffered a damaging security incident in the past two years, and those that had been attacked multiple times.
The most effective organisations are 76% more likely to integrate security systems to form a unified security architecture; 38% more likely to share threat intelligence across their organisation; 34% more likely to make sure safeguards work everywhere (on-premises cloud, IoT, mobile, etc.); 24% more likely to build in compliance controls for centralized tracking and reporting, for both industry and security standards; 24% more likely to have automated more than half of their security practices and 20% more likely to have end-to-end visibility across all environments.
Penel added: "The implications are clear. Holistic and integrated security strategies are more effective than siloed, reactive ones. A strategic approach becomes increasingly important as an organisation's attack surface increases with the proliferation of devices, whether for a mobile workforce or as part of an IoT initiative and the adoption of cloud, particularly multi-cloud, environments. Further, a comprehensive strategy that unifies IT tools and processes across all parts of the network is necessary for addressing advanced threats such as polymorphic attacks, as well as new vulnerabilities that sneak in because of DevOps. At the same time, integration of security elements is a fundamental requisite for an organisation seeking to automate workflows and threat intelligence sharing."