As more companies embark on digital transformation strategies, every employee needs to have security at the forefront of their mind. Hervé Coureil, Chief Digital Officer, Schneider Electric, offers three pieces of advice for organisations looking to strengthen their cybersecurity strategy.
Security is everyone’s job now. These are wise words from Amazon’s CTO Dr Werner Vogels, especially for companies embarking on a digital transformation or accelerating their journey.
Why should we all consider this advice? A recent report released by McKinsey shows impressive figures – more than 100 billion lines of code are created annually and hackers produce some 120 million new variants of malware every year.
A strong cybersecurity strategy is essential. Gartner research predicts that by 2020, 60% of digital businesses will have suffered a major service failure.
Cybersecurity is a business issue
Is it any wonder then, that cybersecurity issues keep all of us up at night? The fundamental issue is not about developing new cybersecurity capabilities as part of business strategy. Instead, it’s about integrating them seamlessly.
What do I mean by that? Here, we need a big shift in mindset: first, in thinking that adding a cybersecurity layer will make software and products more complicated to use and, second, in regarding cybersecurity only as an IT issue.
In that context, here are three approaches central to a cybersecurity posture:
- Digital user-experience: Cybersecurity cannot be an afterthought; it must be completely embedded in the user experience. Worsening the user experience or adding friction can prompt users to find a ‘workaround’ that can ultimately – and unintentionally – worsen the overall security posture.
- Everyone’s problem: We must find a way to make cybersecurity something that everyone at a digital company thinks about – even without overtly thinking about it. About two-thirds of malware linked to data breaches or other incidents last year came from malicious email attachments. It takes just one bad click to open the gates to the nefarious cyber-underworld. So, cybersecurity must become engrained in each of our daily actions. As a global company in over 100 countries, Schneider drills down to the individual level, providing ongoing learning and enablement about cybersecurity.
- A layered approach: For any company, a perimeter defence is not enough in today’s digital world. Everyone is connected constantly – from our homes, smartphones and across the distributed enterprise network. A layered approach is essential as we cannot just rely on a moat – as wide as it is – in today’s hyper-connected world. From that perspective, the NIST framework (version 1.1 was released on April 16) is an incredibly useful reference, as it defines different levels of defence, from the identification of risks to the recovery from incidents (resilience).
The power and profit of IT/OT convergence
The Schneider Electric cybersecurity strategy doesn’t mean only building higher walls around the perimeter. Instead, it means multiple tiers with a well-defined ‘detect and response’ strategy front and centre.
No company is a castle. In one recent example, hackers even infiltrated a casino’s database through a seemingly innocuous smart thermometer in its lobby aquarium.
Considering its global footprint and presence, Schneider is exposed to the risk of cyberattacks and data privacy breaches just like any organisation. With the rapid convergence of IT/OT, moreover, fuelled by the Internet of Things, we adopt Vogels’ stance that, ‘everyone should be a security engineer in a digital company.’
From our ‘cybersecurity by design’ approach across our IoT-enabled EcoStruxure architecture to our ensuring that both IT and OT stakeholders have a seat at the cyberstrategy table, we drive digital transformation with a strong cybersecurity posture. We pave the way for our customers and partners to thrive in the digital economy. Rest assured.