Today, digitalization is an important part of most business strategies, and established companies in virtually all industries know they must be prepared for disruption. Many are eager to realize quick benefits. Most businesses choose new and innovative cloud services. But are they paying enough attention to security?
In their report, the Norwegian government-appointed Lysne committee for digital vulnerabilities in society wrote that our digital life is challenging our ability to keep information confidential. At the same time, there is a real danger that unauthorized parties will attack and control the equipment we use.
According to the Norwegian National Security Authority, it is usually professionals with vast resources that are motivated to steal information and take control of our equipment. And sometimes they are supported by foreign states. In other words, it is more important than ever to establish a solid foundation for the digitalization efforts in any company.
Build a solid foundation
- We must ensure that cyber security is an integral part of the digital services we adopt for our digitalization efforts. Software houses must integrate security in all their technical solutions. If your organization is buying services, you must be curious and ask your service providers how they integrate security in their services. Keep in mind that you are leaving the most valuable assets in your company – your data – to a third party. So, you must be sure that this third party has full control.
- We must realize that security is about more than technology and digital services. As leaders, we must ensure that security awareness permeates our organization and is a natural part of the mindset of our employees. And it is our responsibility that the knowledge on all levels of our business reflects the new challenges. This will ensure that our employees know how to handle the challenges connected to our new way of living.
- We must be in control of the daily routines and work processes in our organization to create the framework for a safe digital transformation. By developing management systems for security, we make sure that our entire organization is working with security in a structured and systematic way.
What is the consequence of a security breach?
In recent years, several businesses have become excruciatingly aware of the consequences a security breach can have. We saw an example of this during Verizon's acquisition of Yahoo in 2016. In the course of the process, it became clear that two data breaches at Yahoo had exposed hundreds of millions of user accounts. As a result, 350 million dollars were shaved from the purchase price.
We saw another example of the financial consequences of a security breach last year when Mærsk was hit by a crypto virus. They suffered a loss of up to 300 million dollars as a direct consequence of the incident.
These are measurable consequences. But it is far from always that easy to measure the consequences of a security breach. What is the cost of hacking and industrial espionage? When and how do you notice that your business is losing market shares because another business is using confidential information from your business to take your positions?
Make sure your partners take security seriously
When you choose partners to support you in the digitalization of your business, make sure they take security seriously. A digital platform partner, for instance, will be managing your data and values. This means you must be confident that they are following a holistic security strategy.
How do you minimize the risk of a security breach when you are choosing a partner?
- Find out how they work with the organization of security internally. Have they built a management system for information and cyber security? In that case, they are working with security issues in a structured manner. You can expect them to have established security practices and to work proactively on improving the security of the products and services they deliver to you.
- Ask them how they have safeguarded their technology. Is built-in security an integral part of their product and service deliveries? Avoid vendors who refer to older security models with antivirus and firewalls.
- Check whether they have built-in capacity to prevent security breaches. Can they document they have the capacity to detect security breaches, respond to such breaches, and restore normal conditions with as little consequence as possible? As the examples from Yahoo and Maersk show, you must assume that security breaches can happen no matter how strong the security is.
Make security a key theme in your business
There is no doubt that the consequences of a breach of security - whether it is measurable or not - can be very serious. That is why we need to discuss cyber threats at management meetings and in boardrooms. We can no longer leave security solely to our IT departments. As leaders, we must be familiar with the risks we are exposed to and set the course of our business accordingly. If we make the right choices now, the digitalization will lead to the growth we want.
Hege Skryseth has worked for KONGSBERG since August 2013 holding various management positions within the Group’s corporate team. She has been the President of Kongsberg Digital, and Chief Digital Officer of KONGSBERG since March 2016. Skryseth also holds broad experience from several leading international technology companies and has been a board member for various organizations including her most current participation with eSmart Systems.