Frontline
Why digital transformation must incorporate security transformation
Philip Dimitriu, Director of systems engineering, Australia and New Zealand, Palo Alto Networks
12 | Australian Security Magazine
Effective cyber defense must withstand changes to adversary tactics and tools that traditional nonintegrated “best of breed” approaches cannot address. It must address advanced unknown threats as well as known threats. Resiliency and defense across the Cyber Attack Chain come from protecting and defending systems at all places in the network, across all network traffic, on endpoints, in data centers, in remote locations, in public and private clouds and at major Internet gateways.

Philip Dimitriu, director of systems engineering, Australia and New Zealand, Palo Alto Networks, said, “Most business leaders are at a point where they fully understand the need for digital transformation and it can be frustrating for them to be told that they need to slow down or avoid implementing certain projects because existing security measures are inaccurate.

“As more organisations embark on a digital transformation journey, many are finding their ambitions thwarted by a security infrastructure that can’t cope with the new environment. While it’s essential to leverage new and emerging technologies to achieve business goals, failing to secure these properly from the outset can open organisations up to significant security risks that can potentially negate any advantage derived from that technology. Therefore, businesses must consider a security transformation in parallel to any digital transformation projects. The answer is to secure it from
the outset.”

One of the key stumbling blocks for organisations in the midst of digital transformation is overcoming cultural contributors to poor security.

Philip Dimitriu added, “Ignorance can often be the biggest contributor to cyber incidents. Depending on the size and complexity of an organisation, multiple individuals, teams or governance committees may be required to cascade security transformation. Organisations must adopt a prevention-oriented mindset if they want to have a chance at protecting themselves. When boiled down to its core, security transformation really means four key things: complete visibility accompanied by credible intelligence feeds, reducing the attack surface, preventing known threats, and preventing unknown threats. In organisations where a strong security mindset hasn’t always been part of the culture, it can be easy for people to make innocent mistakes that lead to cyberattacks. As with transformation of any sort, the first area for businesses to focus on is staff education – across the entire organisation, including IT. People unwittingly click on the wrong link or use the same password for every app, and suddenly the organisation is experiencing a cyberbreach. Organisations can mitigate this risk by providing comprehensive, regular security education to all team members. For example, security professionals need to