Fortinet survey pinpoints myriad business security implications of digital transformation

Fortinet, a global leader in broad, integrated and automated cyber security, has announced the findings of its new 2018 Security Implications of Digital Transformation Survey, which provides insights into the state of cyber security in organisations around the world. The findings come from an independent survey of over 300 Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) at 2,500-plus employee organisations around the world.

According to the survey, a majority of organisations have already begun their digital transformation (DX) process, with 67% of respondents stating that their organisations started implementing DX more than a year ago, and 95% saying that they’re at least trialling a solution today.

There’s a good reason for this rapid growth of DX: 85% of the CISOs and CSOs surveyed highlight that DX is having a large impact on their businesses. When it comes to DX, some of the areas of fastest adoption include the Internet of Things (IoT) and Artificial Intelligence/machine learning.

While it’s generally acknowledged that DX can fundamentally change how an organisation operates and delivers value to its customers, DX can also increase the risk of cyber attacks. The proliferation of endpoints, increasingly distributed networks and the exponentially increasing volumes of data and network traffic are all sources of concern for IT security teams and IT Departments. CISOs and CSOs certainly agree: 85% cite security as the largest hurdle for implementing DX.

Key findings from the survey

*The median respondent estimates that 25% of their network infrastructure isn’t protected against security threats. This is due to a number of factors – an expanding attack surface that DX can bring, the growth in the volume and level of sophistication of the threats themselves and a lack of staff with the necessary security skills

*The median organisation participating in the survey experienced 20 cyber attack-related intrusions in the past 24 months, with four of these resulting in outages, data loss or compliance events

*Two sources of risk are of special concern to CISOs and CSOs: the rise of polymorphic attacks (85%), ie threats that constantly morph or change, and vulnerabilities in DevOps (81%)

“The DX wave appears to be sweeping away everything that stands before it, and cyber security worries have emerged as a significant obstacle to the transformation process,” said Paul Anderson, regional director for the UK and Ireland at Fortinet. “Currently, certain areas stand out as particularly acute cyber security pain points for organisations adopting a DX approach: cloud computing (with a particular focus on multi-cloud environments), the IoT, a burgeoning threat landscape and rising regulatory pressure. It’s crucial to understand that, while organisations are turning to DX to achieve growth as well as other key business objectives, DX processes also require an equivalent security transformation with the integration of security into all areas of digital technology. This results in fundamental changes to how security is architected, deployed and operated, highlighting why organisations need a programmatic approach to DX and security transformation whereby they’re tied in lockstep with each other.”

Securing DX with a holistic and strategic approach

Looking more deeply into the data, the survey shows remarkable differences between the top tier organisations (ie those that have not suffered a damaging attack during the past two years) and bottom tier organisations (ie those that suffered 16 attacks which have caused damage during the same time frame). Each group comprised approximately one-third of respondents.

The survey shows that top tier organisations tended to take a more holistic and strategic approach towards security. Among the findings, these top tier organisations are:

*76% more likely to integrate security systems to form a unified security architecture

*38% more likely to share threat intelligence across their organisation

*34% more likely to make sure safeguards work everywhere (on-premises, cloud, IoT, mobile etc)

*24% more likely to build in compliance controls for centralised tracking and reporting covering both industry and security standards

*24% more likely to have automated more than half of their security practices

*20% more likely to have end-to-end visibility across all environments

Anderson continued: “The implications are clear. Holistic and integrated security strategies are more effective than siloed and reactive ones. A strategic approach becomes increasingly important as an organisation’s attack surface increases with the proliferation of devices, whether for a mobile workforce or as part of an IoT initiative and the adoption of cloud, particularly multi-cloud, environments. Further, a comprehensive strategy that unifies IT tools and processes across all parts of the network is necessary for addressing advanced threats such as polymorphic attacks, as well as new vulnerabilities that sneak in because of DevOps. At the same time, the ongoing integration of security elements is a fundamental requisite for any organisation seeking to automate workflows and threat intelligence sharing.”

Methodology for the study

For the 2018 Security Implications of Digital Transformation Survey, 300 security leaders were surveyed across Australia, Asia, Europe and North America. As CISOs/CSOs, all participants are responsible for security at an organisation with more than 2,500 employees. The organisations where they work are active in a variety of industries/sectors, such as education, Government, financial services, healthcare, technology and energy.


About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
