Putting CISOs and Security Teams at the Heart of Digital Transformation Strategies

Putting CISOs and Security Teams at the Heart of Digital Transformation Strategies

by November 17, 2021

In a matter of weeks, COVID-19 forced radical changes in customer behaviour, moving significant portions of the economy online and increasing customers’ comfort and willingness to engage digitally.

It has dramatically accelerated the rate of digital adoption in financial services across the Asia Pacific and forced new ways of working.

Now that most banks and financial services providers have completed their urgent cloud projects and adjusted to the “COVID economy,” a new challenge is surfacing – the impending security and compliance reckoning resulting from all of this rapid and forced digital transformation.

According to IDC, chief experience officers (CXOs) cite building resilience/mitigating risk (61%) and cost reduction/optimisation (63%) as their top business priorities.

This is due to the fact that security and compliance took a back seat in a hurry to get digital processes deployed as quickly as possible.

Now, CISOs and security teams must quickly think through the realignment of new business and technology imperatives successfully, build resilience and reduce risk, as well as navigate disruptions.

Effective Risk Management in a Digital Environment

With most interactions with customers happening digitally, CIOs and transformation leaders must align with and involve the cybersecurity function on all innovation matters.

To ensure security efforts have a positive business impact, it’s important CISOs understand each C-level leader’s top business and security concerns because they will differ among stakeholders.

At the same time, CISOs need to understand and effectively communicate a core principle of cybersecurity to C-level stakeholders – no matter how much you spend on security, you can never completely eliminate risk.

Digital Innovation Landscape in Singapore

Cybersecurity is key to Singapore’s smart nation ecosystem which is incorporated into nascent areas such as the Internet of Things (IoT).

The technology underpins Singapore’s Smart Nation ambitions.

The Singapore government is shown to be taking cybersecurity seriously in their recent move to implement Secure Internet Surfing (SIS) for public officers, enabling them to securely access the internet when surfing for information.

Yet, the Cybersecurity Agency of Singapore (CSA) has highlighted a significant increase in cybercrime related to the COVID-19 outbreak.

Cybercrime accounted for 43% of all crimes in Singapore in 2020.

The imperative is clear across the board – CISOs should be digitally enabling the cybersecurity function to keep pace with rapid digital transformation and protect critical assets against increasing levels of cyber attacks.

Megatrends of Cybersecurity in Singapore

Asia-Pacific has become the hotspot of digital innovation in the global financial and banking sector.

However, the past 12 months were dominated by ransomware, online scams, and COVID-19-related phishing activities.

According to an ACI Worldwide 2021 report, 28% of fraud victims suffered identity fraud and hacking of their bank accounts.

There are a couple of emerging cybersecurity trends to watch against the backdrop of an increasingly complex and dynamic cyber threat landscape.

Amongst it is the fact that ransomware has evolved into a massive and systemic threat, spelling an urgency for financial institutions to review their cybersecurity posture and ensure that they build their systems to be resilient in recovering from any successful cyber-attacks.

Additionally, social distancing measures during the COVID-19 pandemic have led to the rapid adoption of remote working.

However, poorly configured network and software systems – which are part of the new remote work ecosystems – have widened the attack surface and exposed organisations to greater risk of cyber attacks.

Transforming Cybersecurity in a Digital Era

CISOs and their partners in the business and IT functions need to think thoroughly about protecting increasingly valuable digital assets, meet stringent customer and regulatory expectations as well as navigate disruptions to existing cybersecurity models as financial institutions adopt agile development and cloud computing.

CISOs should reduce dependence on select individuals who have exclusive knowledge of tools or processes by cross-training team members.

In addition, CISOs and their leadership teams should try to build a positive, dynamic work culture in their organisation.

This could be crucial in attracting and retaining the best talents.

The IDC’s Distributed Integrity Security Model can help CISOs build a strong foundation for IT adversarial risk management in a multi-hybrid cloud world.

The model reframes security from a reactive, threat-oriented model to a proactive, predictive, and integrity-oriented one.

Cybersecurity Recommendations: IDC’s Strategy and Roadmap

While cross-training team members is a good option, according to an IDC survey, 70% of APEJ (Asia Pacific excluding Japan) businesses agree that the lack of skills has or will increase business risks.

Therefore, CISO’s must also innovate security strategies and include cybersecurity partners to augment the areas where internal gaps exist.

IDC provides strategy and technology recommendations to help banks and financial organisations support a secure digital agenda. Some of these include:

  • Aligning security strategies with the latest security trends
  • Striking a balance between business and technology priorities
  • Giving security platforms centerstage
  • Strong partnerships to overcome resourcing challenges
  • Keeping network architecture versatile

Reshaping Cybersecurity Landscape with Fortinet

Fortinet makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere.

This is why the world’s largest enterprises, service providers, and government organisations choose Fortinet to securely accelerate their digital journey.