CISO Challenges: Digital Transformation
DT was a way to be on the forefront of the normal, but since the pandemic it has become the way to adapt to the New-Normal, an unknown country where we all happen to be now. The sudden constraints on the analog way of doing business became a driver for DT initiatives. But DT needs cultural change and processes/workflow realignment (at best!), mastering the SDLC or App Delivery to get the business into Continuous Integration/Distribution mode, and some new tech to support the data-sharing, collaboration and data-driven decision making that, hopefully, will make your business smarter.
So DT is not about shifting your focus to look outwards, but an inward-focused transformation that will make the business more agile, interoperable and adaptable to the outside world. “Change only comes from within” is my favourite quote from the Buddha.
Back to my trade: it seems reasonable to think that all transformations and initiatives usually come with the trade-off of an enlarged attack surface. New technologies mean new opportunities, but also new vulnerabilities. So DT cannot be done haphazardly.
The Colonial Pipeline ransomware attack, from which I’ve made an HBC-style for my alumni, is a never-ending well to extract lessons learned from. Just for starters:
- Exposing your IT/OT systems for the sake of Remote Management without proper AAA is not DT.
- Spending in IT without a well laid transformation plan is not DT.
- Going hybrid just for the sake of it is not DT.
- Paying the ransom is not proactive decision making, but reactive.
- Being forced to shut down operations is a heroic decision, but keeping critical infrastructure working, supported by a well-tested BCP, is even more heroic.
- Legacy systems cannot support BEFs.
I could go along all day…