Fortinet has today announced the findings of its new 2018 Security Implications of Digital Transformation Survey, which provides insights into the state of cybersecurity in organizations around the world. The findings come from an independent survey of over 300 Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) at 2,500+ employee organizations around the world.
Digital Transformation (DX), the Overwhelming Business Trend Leveraging IT
According to the survey, a majority of organizations have already begun their digital transformation process, with 67% of respondents stating that their organizations started implementing DX more than a year ago, and 95% saying that they are at least trialling a solution today.
Security Challenges to Digital Transformation
While it’s generally acknowledged that DX can fundamentally change how an organization operates and delivers value to its customers, DX can also increase the risk of cyber-attacks. The proliferation of endpoints, increasingly distributed networks, and the exponentially increasing volumes of data and network traffic are all sources of concern for IT security teams and IT departments. CISOs and CSOs certainly agree: 85 percent cite security as the largest hurdle for implementing DX. Key findings from the survey include:
- The median respondent estimates that 25 percent of their network infrastructure is not protected against security threats. This is due to a number of factors – an expanding attack surface that DX can bring, the growth in the volume and level of sophistication of the threats themselves and a lack of staff with the necessary security skills.
- The median organization participating in the survey experienced 20 cyber-attack related intrusions in the past 24 months, with four of these resulting in outages, data loss, or compliance events.
- Two sources of risk are of special concern to CISOs and CSOs: the rise of polymorphic attacks (85%) — threats that constantly morph or change — and vulnerabilities in DevOps (81%).
“The digital transformation or DX wave appears to be sweeping away everything that stands before it, and cybersecurity worries have emerged as a significant obstacle to the transformation process,” said Alain Penel, Regional Vice President - Middle East, Fortinet. “Currently, four areas stand out as particularly acute cybersecurity pain points for organizations adopting a DX approach: cloud computing, with a particular focus on multi-cloud environments; IoT; a burgeoning threat landscape; and rising regulatory pressure.
It is crucial to understand that while organizations are turning to DX to achieve growth as well as other key business objectives, DX processes also require an equivalent security transformation with the integration of security into all areas of digital technology. This results in fundamental changes to how security is architected, deployed, and operated, highlighting why organizations need a programmatic approach to DX and security transformation, one where they are tied in lockstep with each other.
Securing Digital Transformation with a Holistic and Strategic Approach
Looking more deeply into the data, the survey shows remarkable differences between the top-tier organizations – those that have not suffered a damaging attack during the past two years — and bottom-tier organizations – those that suffered 16 attacks which have caused damage during the same time frame. Each group comprised approximately one-third of respondents.
The survey shows that top-tier organizations tended to take a more holistic and strategic approach to security. Among the findings, these top-tier organizations are:
- 76% more likely to integrate security systems to form a unified security architecture
- 38% more likely to share threat intelligence across their organization
- 34% more likely to make sure safeguards work everywhere (on-premises cloud, IoT, mobile, etc.)
- 24% more likely to build in compliance controls for centralized tracking and reporting, for both industry and security standards
- 24% more likely to have automated more than half of their security practices
- 20% more likely to have end-to-end visibility across all environments
Penel adds, “The implications are clear. Holistic and integrated security strategies are more effective than siloed, reactive ones. A strategic approach becomes increasingly important as an organization’s attack surface increases with the proliferation of devices, whether for a mobile workforce or as part of an IoT initiative and the adoption of cloud, particularly multi-cloud, environments. Further, a comprehensive strategy that unifies IT tools and processes across all parts of the network is necessary for addressing advanced threats such as polymorphic attacks, as well as new vulnerabilities that sneak in because of DevOps. At the same time, integration of security elements is a fundamental requisite for an organization seeking to automate workflows and threat intelligence sharing.”