You don’t want to see a headline about your cybersecurity lapses. Nor do you want vocal critics to sully your carefully cultivated stellar reputation. You want to avoid the cost and disruption of cleaning up after a cybersecurity incident.
Treating cybersecurity as an afterthought or something others will address during digital transformation projects is always a mistake. It leads to leaving avoidable cybersecurity holes that bad actors love to exploit.
Thankfully, there are steps you can take to guard against the vulnerabilities that digital transformation initiatives often uncover. Here are actions 6 through 10 from the top 10 actions organizations can take to minimize cybersecurity risks during digital transformation.
You can read actions 1 through 5 at this link.
Evaluate SCADA/IIoT integration points
Some digital transformation projects bring SCADA/IIoT data from operational technology (OT) infrastructure into the realm of IT systems. Often these two realms are managed by different executives with different mandates and priorities.
Evaluate the cybersecurity risks of the digital transformation projects’ SCADA/IIoT integration points. These points are often represented by a server or network device whose management responsibility is vague or ambiguous. As a result, the cybersecurity defences can be uneven.
Act on the conclusions of your integration point evaluation. They typically include the following:
- Clarifying roles and responsibilities for the devices.
- Updating and perhaps upgrading the devices.
Test Application Programming Interfaces
Most digital transformation projects develop custom application programming interfaces (APIs) for integrating databases or to allow software developers of external partners to access specific applications within the organization’s computing environment.
When attackers discover these APIs, they can easily create software to cause data breaches. The response to this risk is to ensure the following:
- Test the API software thoroughly.
- Change authorized credentials to access the API regularly.
- Log use of the API and review the log regularly.
- Store the API source code securely. Never publish it at an open-source repository.
- Limit the circulation of the developer guide for using the API. Please don’t post it on the web.
For a more technical discussion, please read: API security: 12 essential best practices.
Assess technology changes
Often digital transformation projects introduce changes to the suite of information technologies that an organization operates. New technologies introduce or revise cybersecurity risks.
Your project team should update its IT cybersecurity risk assessment when technology changes occur and act on new findings.
Confirm CSP cybersecurity defences
Many digital transformation projects include a cloud component. That component can be either the use of a computing infrastructure operated by a cloud service provider (CSP) or a cloud operated by a SaaS provider.
Because most CSPs operate extensive cybersecurity defences and proudly describe this work as a valuable customer benefit, most customers don’t invest more effort in cloud cybersecurity assessment or testing.
It’s prudent to allocate a modest effort to confirming the comprehensiveness of your CSP’s cybersecurity defences.
Conduct an OT cybersecurity risk assessment
Sometimes digital transformation projects reveal that the realm of operational technology (OT) has not received the same amount of cybersecurity attention as IT. In this case, an OT cybersecurity risk assessment should be conducted.
The International Society of Automation (ISA) standard Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program (ISA-62443-2-1) provides valuable guidance for developing a business rationale for OT cybersecurity investments.
Organizations materially reduce cybersecurity risks by including these actions in the scope of their digital transformation projects.
What ideas can you contribute to help organizations minimize cybersecurity risks? We’d love to read your opinion. You can share that with us below. Select the checkmark for agreement or the X for disagreement. In either case, you’ll be asked if you also want to send your comments directly to our editorial team.
