By Jon McGettigan, Regional Director Australia, New Zealand & Pacific Islands, Fortinet
Information technology is moving from a tool for business into the business itself. Networks and automation are pervasive for most Australian enterprises. With the growing reliance on cloud-based and software-defined networking, artificial intelligence and IoT (internet of things), information technology is becoming a source of value creation in its own right. This digital transformation has been dubbed the ‘fourth industrial revolution’ and it’s happening in your industry, ready or not.
Digital transformation is changing the way we engage with our staff and customers and the way we create and deliver value. Digital transformation is not predicated on available infrastructure…the technology is here and now and it works. Think organisations like the Apples, Googles, Amazons and Alibabas of the world. If you’re not embracing digital transformation and a fundamental shift in thinking, you might be looking for another job in the not too distant future.
Risks of digital transformation
Australian enterprises face three major classes of risk on the pathway of digital transformation. The biggest risk involves not moving fast enough to seize new opportunities and adopt faster, hyper-automated processes. The second risk involves not making the most appropriate investment decisions regarding which technologies to embrace, which people to hire and which firms to establish ecosystem partnerships with. These are big picture, long-term executive-level decisions and ones which Boards are grappling with as we speak. But the third risk, cybersecurity, needs to be addressed right here, right now.
Cybersecurity business risk takes three distinct forms:
Exploits such as ransomware, denial-of-service (DDoS), data theft, site hijacking and resource theft can seriously disrupt business operations. Some disruptions might only interfere with internal operations and processes. Others, such as DDoS attacks and site hijacking, can become sources of brand damage and public embarrassment.
Customers, investors, and partners will avoid doing business with any enterprise that exposes them to potential harm. Some incidents are directly visible to stakeholders when they interact with your business. And reputational damage can mushroom when incidents become news events through journalistic reporting, mandatory data breach notification or public disclosure.
This consists of investing in security products that don’t work, don’t integrate with other security products and protect assets and processes that really don’t matter. Remember, every dollar spent on subsidising inefficiencies or defending non-essential processes is a dollar less that could be invested more productively elsewhere.
Not all security products are created equal. This is especially critical as you embrace multi-cloud and software-defined infrastructures. All too often point security solutions cannot communicate with other security devices. This makes collecting and correlating threat intelligence to detect, contain and mitigate advanced threats difficult if not impossible.
Focus on Vulnerabilities
The first step in reducing these risks is to prioritise your business processes in respect to cybersecurity. Effectively managing cybersecurity risks requires a thorough assessment of what’s important to your business, determining how and where critical data and applications are vulnerable to attack and what means should be deployed to protect them.
Where is your enterprise vulnerable to cybersecurity disruption across its value chain? By building up an inventory of vulnerabilities, enterprises gain a picture of what cybersecurity professionals call the “attack surface.” The attack surface is how adversaries target your enterprise both in terms of what’s worth stealing or corrupting and how to bypass your defences.
What are priorities for investment to shore up vulnerabilities against attack?
Setting priorities is all about of timing: which vulnerabilities should we address first. A comprehensive analysis of data, applications, business processes is a critical first step. But that’s just a snapshot of where you are now. You’ll have to think forward, to what your enterprise will look like in six months, a year and further out. Only then can you future-proof your enterprise to successfully tap into the benefits of digital transformation.
Investment in cyber security is a business decision revolving around the most cost-effective ways and means to address mission-critical vulnerabilities. This approach enables enterprises to factor security into their overall risk management strategy. Digital transformation demands that cybersecurity is not a technology discussion, but a business risk/reward/investment calculation.
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 375,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.
About the author
Jon McGettigan is Fortinet’s Regional Director Australia, New Zealand & Pacific Islands. As such, he is responsible for driving Fortinet’s continued expansion in the Australasian region through building and maintaining relationships with enterprises, partners and staff. As a senior executive, he understands the risks, motivations and opportunities that face executives as they transform their networks into 21st century revenue centres.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.