Digital is the future. We have heard that enough times to know it’s true. After all, you can’t read a technology or business article now without hearing how another firm has made a record-setting investment in digitizing its business. But with all the innovation also come risks; this was true for the wheel, fire, and medicine, and it’s clearly a fact for digitization as well.
Digital Initiatives Come With Risk
Let’s think about what is happening: a veritable tsunami of digital initiatives in organizations across the globe has created an unprecedented number of new human and machine identities. The average DevOps user now has 30 identities, and machine IDs add even more new identities to the mix.
This trend of ballooning identities is quickly increasing organizations’ exposure to both ransomware and supply chain threats, according to CyberArk’s 2022 Identity Security Threat Landscape report, which was recently released.
Let’s dig into this risk in more depth. First, it’s important to note some interesting stats provided in the CyberArk report referenced above:
- 68% of non-humans or bots have access to sensitive data and assets.
- The average staff member has greater than 30 digital identities.
- Machine identities now outweigh human identities by a factor of 45x on average.
- 87% store secrets in multiple places across DevOps environments, while 80% say developers typically have more privileges than necessary for their roles.
- Over 70% of the organizations surveyed have experienced ransomware attacks in the past year—two each on average.
These stats hint at an environment in many firms where digital innovation and the rapid development timelines in place to achieve results have led to some risky behaviors and undesirable outcomes. After all, if 80% of experts say developers have more access than they need, that creates a risk—as does having multiple digital identities (no one can remember all those passcodes, so they likely go in an unsecured file or location for easy access). All of this is just one hack away, especially for machines that have access to sensitive data.
If you don’t allow the machines access and you reduce staff access, you risk exposure in a different way: a slowing of your innovation, which your investors and customers won’t stand for in our current digital-rich environment.
Risk Management as a Growth-Minded Enterprise
What should a growth-minded enterprise do, then, to accept the risks, limit them, and still innovate? I believe it starts with some key steps to encourage innovation while managing and reducing risks, a few of which I have laid out below based on what we are seeing today in the market.
The right 3rd party partner can help you manage all of these steps, and others you may need, effectively and efficiently, particularly in our current environment where security resources are in short supply:
1. Manage Your Security Liability
Resources spent on overall digital business and technology initiatives have outpaced security spending and resources for far too long. It’s time to balance that budget better to reduce risks.
Start with a fully transparent risk assessment conducted by a 3rd party partner for their agnostic opinion on real risks. Then, prioritize identity control in a zero-trust environment, isolate business-critical processes and data, and invest to protect these areas despite inherent risks in other areas of the business. Simulate a breach and measure your firm’s response to the breach to ensure you can respond in a timely manner. Protect key processes and data when a breach ultimately occurs.
2. Create a Culture of Security
We have all heard about firms having their corporate credo or key values. These values are often things like customer service, accountability, integrity, and a sense of urgency. Well, there needs to be a new one added across the globe: protecting your company from security risks.
For the humans that represent the risks, it is important that we move beyond just training. We need to truly empower our people in every role across the company to be the front-line response to intrusions.
Incentive programs, training and education, reviews, and management approaches should all be changed to have a security-first posture firm-wide. Dr. Shaun McAlmont, CEO of Ninjio and security thought leader, said recently, “Empower your team members as the first line of defense against today’s innovative, malicious bad actors.”
This concept of turning employees from one of the largest hack risks to your organization into a key tool in your security tool kit is masterful. It can change the game on those criminals targeting your organization.
3. Detection of Devices
With so many devices on the network, it’s hard to spot one that should not be there—and that’s how risk happens. Never miss the addition of a new device to your network or the discovery of a new vulnerability by using unique solutions.
For instance, a new solution is Nodeware. It enables real-time detection and complete visibility of network assets with an automated inventory. With these capabilities, it helps keep you better protected from hacks occurring on your machine base. For most fast-growth firms, protecting machine data has been a top priority, especially with the rapid rise in machine knowledge and protocols.
There are many more elements to a successful digital growth plan and risk reduction plan than those I have noted above. Contacting a seasoned and proven security partner to assess your risk posture and develop a full mitigation plan is a great way to put you on the fast track to success.
Need a partner recommendation? Feel free to reach out at any time and I can help you find the right resources.