Adopt Digital Risk Management on Your Digitalization Journey
Rajnish Gupta is the Regional Director at RSA India and SAARC, and has been heading RSA India since September 2017. Rajnish Gupta joined RSA in mid-2012 as enterprise sales head for RSA in the region. Before joining RSA in 2012, he was regional sales director for Symantec for over a year.
Digital transformation is redefining business risk. Informed by a combination of modernisation (digital transformation), malice (the growing risk of cyber attack) and mandates (regulatory & compliance requirements), digital transformation leaves organisations scrambling for ways to address new security and risk challenges that are difficult, large in scale and continually evolving. In fact, 91% of businesses are facing persistent barriers to digital transformation, with 53% of Indian organisations citing data privacy and security concerns as the number one barrier.
Cloud, mobility and the Internet of Things, the fundamental elements of digital transformation, open organisations up to more interactions and opportunities, and to greater risk. Working with third parties, a remote workforce, and digital technologies that connect your business to the world can elevate cyber risk to a critical level across the organisation.
A cyber incident no longer interrupts just IT, where the damage may once have been neatly contained and easily addressed; it disrupts the entire business. And the damage, whether it is from a theft of corporate IP, a breach of customers’ personal data or another event, can be devastating.
In the pursuit of modernization, digital technology offers organizations opportunities to transform their operations, resulting in increased speed, agility and efficiency. However, the explosion of information, users, connected devices, digital channels and third-party applications introduces new threats and risks. The technical complexity, combined with a cybersecurity talent shortage (1.5 million by 2020) and organizational silos, can create an abundance of new opportunities for adversaries, who have more tools, resources and patience than ever before. Regulatory bodies are trying to drive more accountability for data security and privacy by enforcing risk-based requirements versus prescriptive checklists. Security and risk requirements are converging to shift the conversation from technology-focused security issues to business risk.
Many times, traditional, siloed approaches to risk management and security will present obstacles. These silos create 'blind spots' in understanding the true nature of risk as visibility is disrupted by the 'cracks' between functions. Organizations are missing key insights to drive actions that can make the difference in making the right business decisions. The 'blind spots' highlight the struggle organisations face today to operationalize the integration between risk management functions and cyber/IT security operations. Digital operations increase the speed and scope of business impact resulting from cyber incidents, making cyber risk the heart of digital risk. Digital Risk Management depends on the strength of the intersection between understanding business risk and the effectiveness of security operations.
Identifying clear risks, assessing their impacts, and deciding the correct plan of action sets in motion a risk-based approach. Depending on an organisation’s digital initiative, this could begin with compliance, security, resiliency or several other points of entry to addressing digital risk. Organisations can leverage existing tools and processes and will need to evolve them to address the fast-moving, high-stakes nature of digital operations. Removing the blind spots between functions will help organisations understand what exposures exist. It can empower them to create an integrated strategy that enables innovation while managing risk around the most important parts of their new and evolving business operations.
In order for organisations to navigate the changing domains of risk as a modern, digital enterprise, they need a different set of capabilities to capitalize on their opportunities. These can be summed up in three categories: visibility, insights and actions. When it comes to visibility, organisations will be presented with a diverse set of needs. At its core, it is about setting up a system of engagement that enables organisations to integrate data from a diverse set of sources, including business objectives, input from users, assets, and third-party relationships and context, filling in the ‘cracks’. All of this visibility drives insights – which in the world of risk management provide the ability to determine prioritisation by weighing identified risks against business context. For insights to be really powerful, they should be able to leverage a historical perspective to help predict the future. As one might expect, insights then drive actions, providing the appropriate risk information back to the first line of defence to enable better business decisions and implementing an integrated strategy. Organisations also need to track the steps, workflow, accountability and status of risk response actions.
Steps organisations can take to shape their risk posture include:
1. Uncover where digital risk exists: Do you rely on or engage third and fourth parties? Do you have contractors, sub-contractors or temporary employees?
2. Assess how prepared you are to handle risk: Are your employees aware of data privacy regulations imposed by countries other than your own? What steps have you taken to address this risk, and what steps still need to be taken?
3. Quantify the cost to manage cyber risk: What is the cost of not managing a risk, which could be the result of a major cyber incident?
Digital transformation is changing how companies think about business, and how they think about risk. What is at risk for businesses today is dramatically different from what was at risk not all that long ago. The forces that shape and define risk have changed completely over the last few years, as have the strategies and actions to manage that risk.
In the fast-changing world of technology, where 94% of Indian organizations say they will disrupt rather than be disrupted, they must be prepared to manage new and emerging digital risks to secure their business progression and innovate for growth. Businesses cannot eliminate digital risk by halting the progress of digital initiatives and need to manage these risks by breaking down the barriers between their security and risk functions. Digital Risk Management is a process companies must implement to address risk in digital operations.