Cyber Security is one of the pillars of Digital Transformation and it is no longer just an IT issue, it’s a business issue. As business models and assets move deeper into the digital sphere (the cloud, etc), they become more susceptible to security breaches which could result in fines, PR black eyes, the erosion of customer trust, or worse. With that in mind, here’s my quick guide to understanding the basics of cyber security in digital business.
What’s the Threat?
In Cyber Security, there are two categories of threats: external and internal.
The external threat is one you are probably most familiar with: hackers. Outsiders who gain access to your system and extract valuable information or data. This is the type of hack we saw last year at Sony Pictures, in which hackers gained access to Sony’s systems for over a year and extracted terabytes worth of sensitive data. Traditionally, this where Cyber Security efforts have been focused, making harder and harder for outsiders to gain access.
Today, the internal threat is actually more substantial to digital businesses. This is the Edward Snowden scenario, in which an employee extracts sensitive data after gaining access to it legitimately. This internal threat is increasing as it becomes more common for employees to use their own devices in the workplace like personal laptops, smartphones, tablets, etc. It doesn’t have to be a disgruntled malicious employee, data leaks can occur completely by accident.
Luckily, a lot of progress is being made to combat both types of threats. Here in NYC, a company called Allure Security Technology has developed active user behavior analytics software to safeguard against both internal and external threats. The software, “combines machine learning and decoy technology to protect devices from data loss and intrusion...” The is software that learns how employees interact with company data then seeks out irregularities and threats.
What are the Laws?
A few years of high profile data breaches, particularly in the financial sector, has lead to a push for more intense legislation around Cyber Security. Federal regulation around the issue is currently pretty weak, legal obligations for Cyber Security come mostly from state laws, though the Obama administration has recently rolled out a new Cyber Security initiative. Digital businesses must be sure to adhere to their federal and state laws are sure to become more demanding over the next decade.
Develop a Strategy...
As I remind my transformation clients, every digital business needs a unique Cyber Security strategy which addresses both categories of threat and is legally compliant. The nature of the evolving digital transformational decade is an evolving threat, attention and vigilance is required. When building or transitioning a digital business you must understand your security weaknesses and develop a unique strategy to minimize them.
Protect your data, protect your business!