Now that accelerated digitalization has increased global exposure to cyber risks, should organizations aim to embrace continual cybersecurity-centric ‘transformability’?
In the previous two years of a global rush to digitalize or die, one lesson gleaned from the exercise is that digital transformation (DX) is not a “one-size-fits-all” process.
Each business is unique in its work culture, skill sets, infrastructure, and processes. Therefore, the challenges it faces in implementing DX are unique as well.
According to Nilesh Jain, Vice President (Southeast Asia & India), Trend Micro, this is where we need to think beyond ‘transformation’ and enter the realm of ‘transformability’. That is, the underpinnings of digital transformation are tied to the global landscape — and cybersecurity issues have to be addressed in DX planning so that a transformed organization is also well-prepared for further and continual change.
DigiconAsia: Tell us more about your view that digital transformability now entails the tight link with a strong cybersecurity foundation.
Nilesh Jain (NJ): As the world transforms to digital processes, the cybersecurity landscape has evolved alongside it. The attack surface has grown and vulnerabilities or gaps in the networks have been brought to light as cybercriminals make their move.
Therefore, DX without cybersecurity opens up multiple vulnerabilities, ready for cybercriminals to exploit. These costly vulnerabilities make it crucial for organizations to not sprint towards digital transformability, but pace themselves in this important journey.
Organizations need to carefully design a company-wide cybersecurity strategy at every stage of their transformation to mitigate any attacks and make the best security decisions for their businesses. Usually, such transformation does not happen overnight, nor is it a one-year deployment. It takes more time to digitally transform an organization into one that is continually transformable.
DigiconAsia: Since DX is not “one-size-fits-all”, how should organizations go beyond achieving transformation and aspire towards transformability?
NJ: Instead of transforming the organization all at once, focus on breaking it down into bite-sized goals. This allows organizations to develop a robust security system at every step of the way and ensure that cybersecurity professionals have visibility of the growing attack surface.
- To start, businesses can create a separate team that will implement a project on a smaller scale and create one blueprint that can be replicated on a wider level. Through this, the germination team can help put in place new processes, adopt new technology, training programs, and most importantly, develop the business’ unique successful formula.
- Secondly, transformation requires a full leadership commitment. The harsh truth is that business leaders themselves have to commit to the project and drive it directly. There are no shortcuts or excuses when it comes to that. Developing a new culture, new processes and sometimes a completely new product requires personal willpower and not just money and technology.
- Lastly, once the success formula is developed by the germination team, leaders should form a transformation team that will carry out the implementation of the blueprint to ensure that the initiative is brought to life across all business functions.
DigiconAsia: What new roles and responsibilities are faced by CIOs and CISOs as business transformability catches on?
NJ: A piece of advice that I would like to share is: for CIOs and CISOs to lead with empathy.
Our research shows that cybersecurity professionals are reportedly more anxious, and while they are working more hours than ever, many still feel like they are unable to handle their workloads. CISOs and CIOs need to overcome the challenge of helping their teams manage the ever-growing attack surface.
Having a robust cybersecurity strategy is a prerequisite. Having a solid people strategy so that the team can fully utilize the tools given to them is the icing on the cake. Where talent is concerned, remember that it will be an uphill battle as the shortage of skilled cybersecurity professionals will continue to plague the industry. Avoid any preconceived notions of what it means to be a cybersecurity professional, and make sure to respond empathetically to any issues surfaced by the team.
Most transformation projects require a lot of change in the employees’ day-to-day tasks as well as dedication to constantly improve on current processes. The reality is that it will take more time than most leaders anticipate. They should remain patient and not underestimate the energy, time and investment it will require to transform.
The majority of transformation initiatives are rolled out because of external pressure — from competitors, peers in the industry or customers who demand it. These forces are often not aligned with an organization’s core objectives. Leaders should ask themselves whether each component of transformation serves to improve operational efficiency, optimize costs, ensure customer satisfaction, or deliver better product development.
Most importantly, question if that specific component is going to give them a market edge. While the goals are clear most of the time, they may not be clearly communicated to the teams spearheading transformation efforts.
DigiconAsia thanks Nilesh for his insights and opinions.