listen to this article:
Many businesses, organizations, and government agencies were already deep into digital transformation efforts before the health pandemic of 2020 hit, forcing an even more rapid pivot to online ordering, remote education, home delivery, and remote and distributed work models. Business processes that were being transformed to capture new consumer behaviors, reap efficiency rewards, and position for changing business models moved from being driven opportunistically to a basis of survival.
What is Digital Transformation?
Digital transformation is the process of leveraging new digital tools, channels, and capabilities for doing business, running organizations, and performing government functions. With frequent innovation in the digital tools, channels, and capabilities available to organizations, there’s a continual opportunity for transformation to reach new customers, serve current customers in enhanced ways (as consumer behavior changes), and interact with employees, business partners, and supply chain members differently (e.g., think Zoom meetings, enterprise social networks, and mobile apps). Digital transformation includes activities such as migrating from legacy on-premises systems to newer cloud services, along with supporting new ways of working – such as embracing a fully distributed staffing model with employees working from home, which was a new change for many organizations in 2020.
Digital Transformation Accelerates Business
Digital transformation is a key driver behind some of the macro trends we’ve seen over recent years. The rapid ascendancy of Amazon as a key shopping destination of choice for tens of millions of people is in part a digital transformation story and was also greatly enabled by Amazon Prime’s rewiring of expectations about how long it should take for something to be delivered – another digital transformation story of tightly interconnected supply chains and delivery routes. The rapid adoption of smartphones and mobile apps which put shopping for anything at your fingertips wherever you are is a digital transformation story, due to its creation of new digital channels to market (e.g., the smartphone in your pocket, the app on your phone). Online shopping now commands over 18% of all retail sales worldwide, and is expected to hit almost US $5 trillion in value this year. Those numbers highlight that 2020 was an inflection point for online shopping, because people stuck at home due to the pandemic needed some mechanism for buying what they needed when physical presence was increasingly difficult; retail e-commerce sales grew at a faster rate from 2019 to 2020 compared to the annual growth rate for any of the previous 6 years and the forecast for any of the forecasted 4 years to follow. Retailer have been able to amass huge volumes of data on purchasing patterns, consumer preferences, and what does and doesn’t sell.
Access to Cloud Services Speeds Digital Transformation
Another area where we see the digital economy taking root is in the use of cloud services for running operational processes at organizations. What used to take months or years to build for on-premises delivery can now be had within minutes, as providers large and small offer an ever-expanding range of infrastructure-as-a-service, platform-as-a-service, and services-as-a-service offerings. Cloud-native providers integrate capabilities from an ecosystem of other cloud providers to drive rapid innovation and going “all-in” on the cloud by organizations signals a transformation towards reliance on the cloud rather than on-premises servers, datacenters, and other computing infrastructure. Confidential and sensitive data that was protected behind multiple layers of perimeter and network security tools is now stored in multi-tenant public cloud services.
What Are the Benefits of Digital Transformation?
Digital transformation sprinkles benefits all over the place:
- Consumers love the frictionless ability to order whatever they want when they want it.
- Many employees have relished the freedoms afforded by new work-from-home models – albeit not the Zoom fatigue.
- Organizations have decreased time to market for new products and services by leveraging cloud capabilities, tapped new consumer markets, and found new sources of employees available to work in new work models and through digital channels.
New Benefits, New Challenges
We could stop the cheerleading there, except we would miss another group that has also rubbed their hands in glee at the rapid pivot to digital transformation: cybercriminals. As more organizations across the public and private sectors have jumped to new digital go-to-market approaches, more opportunities have opened for cybercriminals to pick their targets, deploy their wares, and reap financial rewards from a growing arsenal of malicious tricks.
The Security Risks of Digital Transformation
Cybercriminals are leveraging digital transformation to attack data, systems, and people.
Threats Against Data
As both transactions and interactions happen increasingly through digital channels, the volume of data to be captured, stored, managed, and protected increases. For businesses, data is what they use to understand consumer behavior, drive cross-sell and up-sell campaigns, and forecast demand patterns. That same data is of interest to cybercriminals too. It enables identity theft, informs targeted phishing campaigns, feeds the design of business email compromise attacks (e.g., for diversion of payroll funds or invoice payments), and more. There are many statistics available on data breaches, and an exhaustive listing would require an entire collection of blog posts. One among the many is that 8.4 billion individual documents were leaked in the first three months of 2020, with the majority coming from just 11 breaches of at least 100 million records per breach. The number of breached records in the first three months of 2020 was higher than the combined number of breached records for the first three months of 2013 to 2019. The problem is getting worse.
Threats Against Systems
When new systems and applications are adopted to support digital transformation initiatives and legacy systems are retrofitted to connect to the online world, while businesses celebrate their expanded asset base to deliver digitally, cybercriminals rejoice in the ever-growing attack base available for compromise. Ransomware attacks have become a particularly destructive attack form, with critical systems compromised at the worst times possible, data stolen for threatened resale as a way of increasing the likelihood of a ransom being paid, and other types of added extortion designed into attacks to increase the likelihood that the cybercriminals will receive a financial payday from their misdemeanors. High profile ransomware attacks against targets such as Colonial Pipeline and the Irish Health Service grab international news headlines, but there are many other less disclosed attacks. One study found that almost 300 organizations were compromised in the first four months of 2021 by six ransomware gangs (), with ransom payments of at least $45 million being paid for quick recovery.
Threats Against People
Business relationships are writ large through massive online professional networking services (e.g., LinkedIn), and both personal and business personas and relationships are complicatedly intertwined in social media services that cater to a global audience (e.g., Twitter, Facebook, Instagram). With easy access to several billion people available through computers and devices, it is unsurprising that cybercriminals are active on such services too. From fake friend requests, to scraped profiles impersonating someone you apparently know, to the use of fake profiles for building rapport and pretexting an attack, to fake job offers (e.g.,), the transformation of relationships from the known and physical to the ephemeral and opportunistic, the lack of warning signals, and the ease of getting through the normal gatekeepers combine to create a perfect situation for cybercriminals.
Conclusion: Embracing Transformation, Assuring Security
There’s a “both/and” conclusion to all of this: yes, embrace digital transformation where that makes business sense for your organization and aligns with the strategic dreams and drivers behind what you are doing. And at the same time, pay careful attention to the data, systems, and people that such transformation exposes to the world. Well-designed, carefully implemented, and prudently stress tested security mechanisms will be needed to assure the opportunities opened by digital transformation.