Oct 12 2020

CDW Tech Talk: How to Manage Digital Transformation in Times of Crisis

Follow these five action items to lead change under trying circumstances.

It’s harder than ever for organizations to keep their networks secure, yet it’s also never been more important. To succeed, businesses must understand the always-changing nature of the threat landscape while focusing on their top priorities.

So argues MK Palmore, vice president and field chief security officer, Americas, for Palo Alto Networks, speaking to virtual attendees at the CDW Tech Talk, “Maximizing IT Resilience with Adaptive Security and Infrastructure,” where industry experts are discussing modern cybersecurity and risk management issues.

Palmore, who spent 22 years as a special agent in the FBI’s cybersecurity branch, said three things are conspiring to make security a greater challenge for organizations: connectivity, the cloud and artificial intelligence.

“In the next few years, we expect as many as 42 billion devices to be connected to the internet, creating an expansive attack surface,” Palmore said. “At the same time, we know that most organizations are in the midst of some kind of cloud transformation. That creates challenges because the same mistakes that organizations are making in on-prem environments, they’re also making in the cloud. And the prevalence of data and AI — how will this impact your digital transformation and how will you leverage it to ensure security?”

For Businesses Digital Transformation Projects Have Accelerated

Palmore noted that while the COVID-19 pandemic has forced some businesses to close and others to migrate to remote work environments, it hasn’t stopped organizations’ need to collaborate or to pursue ambitious digital transformation projects. On the contrary, 85 percent of organizations have accelerated those efforts this year, according to research by McKinsey.

That’s created an additional need for security. Palmore cited an IDC survey in which half of the respondents said their spending priorities for security solutions have increased since the start of the pandemic; only 7 percent said security spending is less of a priority.

That growing attention to security has come about partly because of the increase in remote work, but the nature of cyber adversaries hasn't really changed, he said. For many years, the main worries have been advanced persistent threats, malicious nation-states, so-called “hacktivists” who are motivated a political cause, and insider threats.

At the same time, while public sector, healthcare and financial services organizations continue to be the most heavily affected by cybersecurity attacks, small businesses are now also being targeted by threat actors, according to the most recent Verizon Data Breach Investigations Report.

“The troubling thing that’s still present is that it’s taking an average of 180 days for organizations to discover that they have been breached,” meaning hackers can take their time stealing data and otherwise causing havoc, he said.

READ MORE: Learn how to detect and respond to cybersecurity attacks faster.

Five Steps for Improved Cybersecurity

To get on a more secure path, Palmore recommended businesses take five steps: conduct a future capabilities examination; align priorities with business goals; survey the existing tool set; identify partners who understand the organization’s vision; and regularly review these actions with the appropriate stakeholders.

Businesses should be asking how they will engage with their customers not just today, but also in the future. He noted that the education industry in particular has been “rocked” this year by the shift to distance learning because they didn’t see it coming, but businesses in every industry have had to adjust to changing circumstances

“Workers now have been forced into their home offices, but the need to collaborate hasn’t changed at all — in fact, it’s even greater now because of work from home,” he said. “You can’t conduct business in a vacuum.”

Palmore said businesses that are currently maintaining a hodgepodge of security solutions from different vendors should reconsider that approach. Standardizing on a single vendor’s security platform makes more sense because a platform approach offers better visibility into the organization’s security landscape with better data, usually at a lower cost, he said.

“Visibility is the challenge of every information security practitioner,” Palmore said. “And it’s a great challenge. What I would offer is that, because organizations have gotten so used to using different point products to solve different problems, it naturally creates gaps between those tools.”

Of course, standardizing with a single security technology provider requires businesses to select that partner very carefully. Palmore urged businesses to search for a partner that pays careful attention to the organization’s unique needs, rather than simply selling a product or platform.

“We need to be looking at this crisis as an opportunity to transform ourselves,” he said. “Now is the time to plan and implement strategies. The world hasn’t stopped for us. We don’t want to be looking back 12 or18 months from now saying, ‘We wish we had started planning then for what’s happening now.’”

Follow BizTech's full coverage of the event here. Insiders, register for the event here. Those who are CDW customers should include their account information when asked; others should full out that field as “N/A.”

Getty Images/Gordenkoff