Top 10 cybersecurity tips for digital transformation [Part 2]

You don’t want to see a headline about your cybersecurity lapses. Nor do you want vocal critics to sully your carefully cultivated stellar reputation. You want to avoid the cost and disruption of cleaning up after a cybersecurity incident.

Treating cybersecurity as an afterthought, or as something others will address during digital transformation projects, is always a mistake. It leaves avoidable cybersecurity holes that bad actors love to exploit.

Thankfully, there are steps you can take to guard against the vulnerabilities that digital transformation initiatives often uncover. Here are actions 6 through 10 from the top 10 actions organizations can take to minimize cybersecurity risks during digital transformation.

You can read actions 1 through 5 at this link.

Evaluate SCADA/IIoT integration points

Some digital transformation projects bring SCADA/IIoT data from operational technology (OT) infrastructure into the realm of IT systems. Often these two realms are managed by different executives with different mandates and priorities.

Evaluate the cybersecurity risks of the digital transformation projects’ SCADA/IIoT integration points. These points are often represented by a server or network device whose management responsibility is vague or ambiguous. As a result, the cybersecurity defences can be uneven.

Act on the conclusions of your integration point evaluation. They typically include the following:

  1. Clarifying roles and responsibilities for the devices.
  2. Updating and perhaps upgrading the devices.

Test application programming interfaces

Most digital transformation projects develop custom application programming interfaces (APIs) to integrate databases or to give the software developers of external partners access to specific applications within the organization’s computing environment.

When attackers discover these APIs, they can easily create software to cause data breaches. To respond to this risk, do the following:

  1. Test the API software thoroughly.
  2. Regularly change the credentials authorized to access the API.
  3. Log use of the API and review the log regularly.
  4. Store the API source code securely. Never publish it in an open-source repository.
  5. Limit the circulation of the developer guide for using the API. Please don’t post it on the web.
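
One way to automate the regular credential and log checks in items 2 and 3 above, as an added example that is not part of the original article. The log format, field names, key ids, 90-day rotation period and failure threshold are all assumptions made for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timedelta

# Constructed key inventory: key ids and issue dates are assumptions for this example.
KEY_ISSUED = {"partner-a": datetime(2024, 5, 1), "partner-b": datetime(2024, 1, 10)}

# Constructed access log, one JSON object per line (field names are assumptions).
SAMPLE_LOG = """\
{"ts": "2024-06-03T09:00:00", "key_id": "partner-a", "src": "198.51.100.7", "status": 200}
{"ts": "2024-06-03T09:05:00", "key_id": "partner-b", "src": "203.0.113.20", "status": 200}
{"ts": "2024-06-03T09:06:01", "key_id": "not-issued-1", "src": "192.0.2.44", "status": 401}
{"ts": "2024-06-03T09:06:02", "key_id": "not-issued-2", "src": "192.0.2.44", "status": 401}
{"ts": "2024-06-03T09:06:03", "key_id": "not-issued-3", "src": "192.0.2.44", "status": 401}
{"ts": "2024-06-03T09:10:00", "key_id": "legacy-test", "src": "203.0.113.20", "status": 200}
"""


def review_api_log(log_text, key_issued, max_key_age_days=90, fail_threshold=3):
    """Return the findings a periodic API log review should raise."""
    overdue, unknown, failures = set(), set(), Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        key, used_at = entry["key_id"], datetime.fromisoformat(entry["ts"])
        if entry["status"] in (401, 403):
            # Rejected calls: count per source to surface repeated failures.
            failures[entry["src"]] += 1
        elif key not in key_issued:
            # An accepted call with a key missing from the inventory.
            unknown.add(key)
        elif used_at - key_issued[key] > timedelta(days=max_key_age_days):
            # An accepted call with a key older than the rotation period.
            overdue.add(key)
    return {
        "rotation_overdue": sorted(overdue),
        "unknown_keys": sorted(unknown),
        "failure_bursts": sorted(s for s, n in failures.items() if n >= fail_threshold),
    }


if __name__ == "__main__":
    for finding, values in review_api_log(SAMPLE_LOG, KEY_ISSUED).items():
        print(f"{finding}: {values}")
```

Run on a schedule against the real log, each non-empty finding becomes a ticket: rotate the overdue key, trace the uninventoried key to an owner, and investigate the source behind the rejected calls.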

For a more technical discussion, please read: API security: 12 essential best practices.

Assess technology changes

Often digital transformation projects introduce changes to the suite of information technologies that an organization operates. New technologies introduce or revise cybersecurity risks.

Your project team should update its IT cybersecurity risk assessment when technology changes occur and act on new findings.

Confirm CSP cybersecurity defences

Many digital transformation projects include a cloud component. That component can be either the use of a computing infrastructure operated by a cloud service provider (CSP) or a cloud operated by a SaaS provider.

Because most CSPs operate extensive cybersecurity defences and proudly describe this work as a valuable customer benefit, most customers don’t invest more effort in cloud cybersecurity assessment or testing.

It’s prudent to allocate a modest effort to confirming the comprehensiveness of your CSP’s cybersecurity defences.

Conduct an OT cybersecurity risk assessment

Sometimes digital transformation projects reveal that the realm of operational technology (OT) has not received the same amount of cybersecurity attention as IT. In this case, an OT cybersecurity risk assessment should be conducted.

The International Society of Automation (ISA) standard Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program (ISA-62443-2-1) provides valuable guidance for developing a business rationale for OT cybersecurity investments.

 

Organizations materially reduce cybersecurity risks by including these actions in the scope of their digital transformation projects.

 

What ideas can you contribute to help organizations minimize cybersecurity risks? We’d love to read your opinion.

Yogi Schulz (http://www.corvelle.com)
Yogi Schulz has over 40 years of Information Technology experience in various industries. Yogi works extensively in the petroleum industry to select and implement financial, production revenue accounting, land & contracts, and geotechnical systems. He manages projects that arise from changes in business requirements, from the need to leverage technology opportunities and from mergers. His specialties include IT strategy, web strategy, and systems project management.
