CFOtech New Zealand - Technology news for CFOs & financial decision-makers
Story image
Digital Transformation: Is your business prepared?
Fri, 28th Jun 2019
FYI, this story is more than a year old

Information technology is moving from a tool for business into the business itself.

Networks and automation are pervasive for a growing number of New Zealand businesses of all shapes and sizes.

With the growing reliance on cloud-based and software-defined networking, artificial intelligence and IoT (internet of things), information technology is becoming a source of value creation in its own right.

This digital transformation has been dubbed the ‘fourth industrial revolution' and it's happening in your industry, ready or not.

Digital transformation is changing the way we engage with our staff and customers and the way we create and deliver value.

Digital transformation is not predicated on available infrastructure…the technology is here and now and it works.

Think organisations like the Apples, Googles, Amazons and Alibabas of the world.

Digital transformation is gaining momentum.

Is your business prepared?

Risks of digital transformation

New Zealand businesses face three major classes of risk on the pathway of digital transformation.

The biggest risk involves not moving fast enough to seize new opportunities and adopt faster, hyper-automated processes.

The second risk involves not making the most appropriate investment decisions regarding which technologies to embrace which firms to partner with.

These are big picture, long-term executive-level decisions and ones which upper-level management are dealing with as we speak. But the third risk, cybersecurity, needs to be addressed right here, right now.

Cybersecurity business risk takes three distinct forms:

Operational Risk. Exploits such as ransomware, denial-of-service (DDoS), data theft, site hijacking and resource theft can seriously disrupt business operations.

Some disruptions might only interfere with internal operations and processes. Others, such as DDoS attacks and site hijacking, can become sources of brand damage and public embarrassment.

Reputation Risk. Customers, investors, and partners will avoid doing business with any enterprise that exposes them to potential harm.

Some incidents are directly visible to stakeholders when they interact with your business.

And reputational damage can mushroom when incidents become news events through journalistic reporting, mandatory data breach notification or public disclosure.

Investment Risk. This consists of investing in security products that don't work, don't integrate with other security products and protect assets and processes that really don't matter. Remember, every dollar spent on subsidising inefficiencies or defending non-essential processes is a dollar less that could be invested more productively elsewhere.

Not all security products are created equal.

This is especially critical as you embrace multicloud and software-defined infrastructures.

All too often point security solutions cannot communicate with other security devices.

This makes collecting and correlating threat intelligence to detect, contain and mitigate advanced threats difficult if not impossible.

Focus on vulnerabilities

The first step in reducing these risks is to prioritise your business processes with respect to cybersecurity.

Effectively managing cybersecurity risks requires a thorough assessment of what's important to your business, determining how and where critical data and applications are vulnerable to attack and what means should be deployed to protect them.

Where is your enterprise vulnerable to cybersecurity disruption across its value chain?

By building up an inventory of vulnerabilities, enterprises gain a picture of what cybersecurity professionals call the ‘attack surface.'

The attack surface is how adversaries target your business both in terms of what's worth stealing or corrupting and how to bypass your defences.

What are priorities for investment to shore up vulnerabilities against attack?

Setting priorities is all about of timing: which vulnerabilities should we address first.

A comprehensive analysis of data, applications and business processes is a critical first step. But that's just a snapshot of where you are now.

You'll have to think forward, to what your business will look like in six months, a year and further out.

Only then can you future-proof your business to successfully tap into the benefits of digital transformation.

Conclusion

Investment in cybersecurity is a business decision revolving around the most cost-effective ways and means to address mission-critical vulnerabilities.

This approach enables enterprises to factor security into their overall risk management strategy. Digital transformation demands that cybersecurity is not a technology discussion, but a business risk/reward/investment calculation.

About the author

Jon McGettigan is Fortinet's Australia, New Zealand - Pacific Islands regional director. As such, he is responsible for driving Fortinet's continued expansion in New Zealand through building and maintaining relationships with businesses, partners and staff. As a senior executive, he understands the risks, motivations and opportunities that face IT managers as they transform their networks into 21st century revenue centres.

About Fortinet

Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 375,000 customers trust Fortinet to protect their businesses. Learn more at the Fortinet website, the Fortinet Blog, or FortiGuard Labs.

Fortinet Security Insights is a series of hard-hitting discussions of trends in the cybersecurity world, how they will affect your enterprise and what you should be doing to prepare for digital transformation.