Changing Employee Mindsets During Digital Transformation
Krishnamurthy Rajesh on How CISOs Can Ensure That the Business Succeeds While It Transforms
New technologies such as artificial intelligence, big data analytics, machine learning and robotics are making a lot of headway. During digital transformation, we as CISOs tend to focus on technology and try to adopt it without distinguishing between technologies that we must have and those that are good to have.
We choose technologies because we think they are innovative, or as a knee-jerk reaction, or because they seem to address market competition and ROI. But these choices can lead to failure - not only of the technology, but of the business itself.
Sometimes CISOs fail to understand that the business was there before the evolution of technology. Technology is just a medium for doing business in a much more effective, automated, process-driven and faster way. It has elevated and completely changed the lives of mankind, especially in critical areas such as healthcare, communication and energy.
But the human mind is behind all of the technology, and we cannot say machines are better than humans when it comes to thinking or intelligence.
To achieve maximum benefits and success with any new project or implementation, you as a CISO need to study scientifically proven analysis rather than be influenced by individuals, functions or competitive business.
We fail to understand that any new product always has cost and risk elements attached to it. You need to analyze these elements for market feasibility and in the context of the organization's current ecosystem before the product is put into production. That analysis requires cooperation, transparency and input from different functions of the business, including manufacturing, warehouse, service and delivery, marketing, finance, human resources and compliance.
And during that process, it is extremely important for the organization to change the mindset of its employees. Staff should adapt to changes and be willing to provide feedback.
In a changing social and technology landscape, it is very important that the staff understands the impact of any changes in a collaborative way. Making changes in isolation or not considering the impact of a change at the overall level may open the door to a security breach.
Once you adopt a new technology or process, you need to assess and update your information security posture as well. New technology comes with its own security challenges. This becomes more critical when an organization tries to mix new technology with an existing legacy system from an operational and ROI perspective.
Managing IT and OT data while ensuring last-mile connected device security is another hurdle. While SaaS and cloud have reduced cost and ensured availability, information and data security always remain challenging.
Information security plays a vital role in digital transformation activity, and the mindset of the employees is directly related to the overall information security position of an organization. CISOs should:
- Collaborate with cross-functional teams to get buy-in;
- Do end-to-end planning with risk identification and mitigation strategy at the group/enterprise level;
- Work collectively and with transparency rather than making isolated decisions;
- Treat external entities as partners rather than vendors;
- Revalidate security threats and create a security framework for all technology implementations, including business applications;
- Create a Quick Response Team, or QRT, consisting of representatives from technology and business who have the authority to make decisions;
- Implement a state-of-the-art enterprise security framework and an AI- and ML-enabled Security Operation Center, or SOC, at the group/enterprise level. This is in addition to standard security implementation, such as DLP, endpoint security and data protection;
- Create information security awareness among business users;
- Ensure that the IT team receives regular skill updates.
I believe that taking these steps during digital transformation will help ensure a high degree of security for the organization.
CyberEdBoard is ISMG’s premier members-only community of seniormost executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.
Krishnamurthy Rajesh has over 20 years of experience in information technology leadership roles in Indian and global environments. He has expertise in strategizing and implementing different elements of technology and process from the inception stage to operation. This includes information and data security, digital transformation and adapting to cutting-edge technology such as AI, IoT, M2M and RPA while keeping innovation and ROI as a base. Before ICRA, Rajesh was associated with ITC Ltd., ORIX Auto Infrastructure Services Ltd., Magma Fincorp and Bahwan Cybertek LLC, and he has experience in setting up a consulting practice in the Industry 4.0 domain.