Digital Security: The Critical Shift from Control to Risk-Based Thinking

For many businesses, the next wave of growth will most likely involve going digital, improving analytics across customer touch points and building an omni-channel presence. One primary impact of digitization is that most of our valuable assets today exist in the form of zeros and ones (digital data). This digital economy presents unprecedented challenges for business leaders as the convergence of people, processes and technology accelerates. Digital IT activities are becoming more decentralized and are drifting away from the central IT department hub. Today’s businesses face critical issues relating to privacy and security.

Whilst most companies recognize the significance of the pace of change, a handful of leaders have determined exactly how their organizations will build digital resilience to protect their most valuable information assets. It is important to realize across the board that digitization offers great returns, whilst a simple dent in cybersecurity will often outweigh them.

Small and midsized businesses, being more agile than their bigger counterparts, tend to leapfrog into digital in anticipation of gaining an early advantage. As a result, they tend to overlook security and resort to the traditional “shield the perimeter” mindset or to over-reliance on the security efforts of their service providers and partners, for example hosting providers, developers and cloud service providers. There are many reasons that fuel this mindset. Very small companies tend to think that, being a small business, they may not be a target and that a firewall at the perimeter is sufficient. A secondary reason is their inability to quantify the impact of risks and mitigation plans.

As the business grows, security is seen more from an internal compliance, external standard or regulatory perspective. This approach is not bad; however, it is very reactive and prescriptive. It is not adequate to keep pace with the rate at which cyber criminals innovate, or in the face of social engineering attacks, which are becoming ever more prevalent and increasingly sophisticated. Businesses should focus their security investments by taking an “inside out” rather than an “outside in” approach. Intelligent security investments take into consideration the major risks the business actually faces and prioritize controls and security to achieve business goals, rather than being based on what’s out there or on what’s new.

The tendency is for cybersecurity to be seen primarily as a technology function rather than being integrated into the core of the business and the customer touch points. A considerable amount of the damage results from an inadequate response to a breach rather than from the breach itself.

Cybersecurity is not about control; rather, it is about resilience deep within.

By engaging with and consulting for global clients on security and digital initiatives, I advise businesses to move beyond standard models that approach cybersecurity more from a control perspective than from one of digital resilience. What this means is that companies should begin every single digital initiative with cybersecurity in mind from the outset. This extends all the way from their simple website to apps, internal processes, marketing investments and security defenses, with the protection of both their own and their customers’ information assets in mind.

Consumers and businesses who engage with our digital assets today expect an ironclad assurance that their sensitive data is secure. A simple website breach may deter your customers from engaging and make serious dents in your future earnings, bringing your business to a standstill. Security has to be built in rather than bolted on.