The Intersection of CybersecurityandDigital Transformation

Laszlo S. Gonc, CISSPNext Era Transformation Group, LLC

20th Century

© Portions Copyright 2016-2018 Gonc & Associates, Ltd. All rights reserved.

INPUT PROCESS OUTPUT

• REPORTS

• HARD COPY

• GREEN SCREEN

• PRINTOUTS

• KEYBOARD

• INDUSTRIAL

CONTROLS

• VOICE

BETTER DATA

ANALYTICS

MACHINE

LEARNING

ARTIFICIAL

INTELLIGENCE

© Portions Copyright 2016-2018 Gonc & Associates, Ltd. All rights reserved.

BETTER DATA

ANALYTICS

MACHINE

LEARNING

ARTIFICIAL

INTELLIGENCE

© Portions Copyright 2016-2018 Gonc & Associates, Ltd. All rights reserved.

Business Opportunity / Problem

• Emergence/convergence of new technologies

• Security bolted on

• Firewalls are becoming permeable, no longer a defense

• Corporate data evolving outside the perimeter, outside of our control

• Shift focus from old-school, classic perimeter defense-in-depth to safeguarding the ecosystem

Our Systems of Engagement are Changing

• Everything from data collection, to decision making and customer engagement re-invented through new technologies

• Automation and machine learning is evolving tochange most all business processes

• Increasing digital connectedness is forcing agility

• Cloud-based IT systems support organizationalmobility, flexibility and scaling

The New Interconnectedness …

• Exponentially increases cybersecurity risks and threat levels

• Introduces threat vectors at every touch point

On the journey to digital transformation

cybersecurity must be a top priority

• Maintain confidentiality, integrity, availability, safety and resilience of the data

• Keys to addressing these risks and threats –build security into applications, interconnected

devices, and business practices right from the start

The Reality of the Problem

• Volume and value of data growing exponentially

• With IoT in its infancy, end points are incredibly vulnerable

• Attacks increasing across all industries and economic sectors; growing in number and sophistication

• Next-gen systems and devices deployed in potentially vulnerable environments

• Increased hacking through botnet conversions of devices

• Vulnerabilities in the supply chain have a wildfire effect

It used to take a while to exploit weaknesses,now it’s fast and damage is immediate

Focus on Applications and Data

• Old paradigm is to secure access to networks and applications

• Innovation is leading to an explosion of connected environments

• Attackers will compromise gaps, weakest links

In the very near future, the classic contained enterprise network will no longer exist

• Security must be embedded into all systems and business practices

• To achieve a high level of security, implement “security by default”

Tying It Together w/ Common Understanding

TODAY

• IT and business and operations functions don’t speak the same language as IT and Security

• Responsibility for cybersecurity generally shared by the application team and IT Security

TOMORROW

• Mitigate cybersecurity risk through DevSecOps

• Shift focus to securing application data and devices, close the gaps

• Find understanding and common language

• Create a unified approach and policy for securing systems, devices, applications and data

• Include suppliers, partners, customers, and consumers in the conversation and planning

6 Enablers of Cyber & Digital Innovation

The Board’s Role in Shaping Digital Transformation

Connectivity. Transform interactions and engagement models among internal and external stakeholders.

Experience innovation. Wire the organization to orchestrateand deliver a winning customer experience.

Data intelligence. Use data and analytics to uncover breakthroughbusiness insights and develop products, services, and experiencestailored to customer needs.

6 Enablers of Cyber & Digital Innovation(continued)

Leading-edge innovation. Leverage emerging technologies such asaugmented and virtual reality, machine learning, and AI to createinnovative products and services that help build competitive advantage.

Automation. Use robotics and digital services to automate tasks toimprove operations, deliver more engaging customer experiences,and redeploy talent to higher value activities.

Cybersecurity. Implement best practices and cutting edge security to protect customer data, particularly sensitive information such as health or financial data that is transmitted over connected devices.

9 Things You Can Do Now

1. Understand your regulatory and compliance landscape

2. Understand your risk footprint and determine your risk appetite

3. Implement security governance, policy and employee education

4. Mitigate cybersecurity risks through ‘DevSecOps’

5. Consider project management methodologies, good practices

6. Apply OWASP – development and Q&A

7. Establish basic security hygiene such as CIS TOP 20, ISO2700x, NIST

8. Perform real security risk assessments like CIS RAM

9. Conduct regular testing – vulnerability scans, penetration tests, pre-

assessments

Reading Sources

What is security’s role in digital transformation?

Cybersecurity: security risks and solutions in the digital transformation age

Embedding cybersecurity into digital transformation – a journey towards business resilience

Driving cybersecurity and digital transformation with cloud technologies

Cybersecurity in the Age of Digital Transformation

Mitigate Digital Transformation Cybersecurity Risk With 'DevSecOps'

Laszlo S. Gonc, CISSPNext Era Transformation Group, LLClaszlo@nexteratg.com(708) 710-8423