Cybersecurity isn't just for your company – it applies to your ecosystem too
In the digital age, ecosystems take the evolution of business to a whole new level. The ecosystem surrounding a company can include a network of partners, suppliers, manufacturers, as well as various processes, all working together as a single organism.
Some ecosystems have already reached global scales. Insufficient security of their components could result in enormous losses. A supply chain attack can cause a domino effect, unless each member of the ecosystem takes responsibility for their own security.
According to Symantec, the number of supply chain attacks has recently surged by almost 80%. This poses a serious threat to all ecosystems, no matter what their size. The number of ecosystems is increasing, and dealing with the escalating risks to them is becoming more pressing for the global community. During Cyber Polygon, the international initiative aimed at increasing global cyber-resilience, experts will address these issues and discuss how to build secure ecosystems and handle supply chain attacks. Here are three ways to develop a resilient ecosystem:
Assess, manage and reduce the risks when digitizing your business
New technologies pioneer digitization. Artificial intelligence, machine learning and automation are now widespread in warehouses, manufacturing and medical services. For example, AI can speed up exploratory research of new medicines by 4.5 times. At the same time, these technologies come with new risks. Despite this, innovation-focused companies often leave security behind and concentrate on the main operational processes, investing in hardware, systems and research.
However, to ignore security from the very beginning of your digital transformation leaves your business exposed to massive expenses in the future. According to IBM, the damage caused by data breaches has now hit a global average of $4 million, but if a company has resilient incident-response plans, it can save $2 million or could even reduce that by $3.58 million if it has fully deployed security automation. In case of ecosystems, the potential damage is immense, considering the level of interdependence, tight links between various processes and the amounts of data handled and stored.
It is important to think about security at the initial stage. First of all, a proactive approach eliminates the need to spend resources on emergency system upgrades. Secondly, it reduces the chances of incurring costs associated with digital threats. Thirdly, even if a company does encounter such threats, the amount of damage will be less. The essentials of providing security to an ecosystem infrastructure are:
• Digital risk assessment and introduction of risk management practices
• Implementation of the “security-by-design” approach
• Regular infrastructure monitoring and testing
• Introduction of security standards, applied to all elements of the ecosystem
• Implementation of security policies towards third parties
• Automation of security systems
Another option could be outsourcing security issues. Using the capacities of a contractor company is cheaper in most cases than building own systems.
Reconfigure your infrastructure into a digital platform to make processes effective and secure
As an ecosystem grows, the processes inside it become more sophisticated. Companies start utilizing various software and technologies to adjust certain processes and find solutions to specific issues. Quite often, these solutions lack efficient interaction and coordination within the system, rendering the data exchange too complicated. Therefore, it is not enough to simply upgrade to new software, it is necessary to integrate new tools into the infrastructure and tune new processes for efficient operation.
The key solution could be the creation of a unified digital platform – a single information infrastructure that accumulates and adjusts new services and processes. This simplifies and speeds up data transfer, makes all processes transparent, enables control over the whole infrastructure, and applies necessary security measures to every new service. Sber, the largest bank and technology company in Russia, has transformed out of a linear structure into an ecosystem of several dozen various companies using the approach above. In the effort to make the transformation process effective and secure, Sber created its own platform, which allows all ecosystem residents to quickly launch new products. Expert companies that specialize in digital transformations can help and reconfigure the existing infrastructure. They have extensive experience when it comes to setting up seamless interactions between digital processes for large and small businesses; their approach helps to avoid typical mistakes and saves company budget and time.
Train your staff to utilize new tools and approaches
Since new technologies alter the way companies operate, employees should adjust to the changes accordingly. They need to learn new methods and approaches at every stage of the digital transformation, adapt to new software and develop new skills. PwC has recently announced that it would invest $3 billion into job training for its 275,000 employees around the world, future-proofing its workforce against emerging digital needs. A recent report by IDC states that companies that utilize educational platforms for their staff may see a 746% return on investment over three years.
Developing human capital while being transparent with your employees and supporting their interest in the company welfare are important aspects for company efficiency and resilient operations. When new systems are introduced, people need to be prepared and trained. Apart from that, it is necessary to be able to control the security of working in cyberspace. Our research shows that one in three employees are vulnerable to cyberattacks without systemic education, but training can improve their resilience by nine times. Regular testing of the acquired skills and simulation of phishing campaigns that promote employees to stay vigilant in cyberspace are crucial for the ecosystem’s stability and integrity.
Whatever the scale of the ecosystem, its resilience is an issue of high significance. The tendency for businesses to create networks of contractors and partners will continue, making the world ever more interconnected. In that regard, a proper approach to building ecosystems that foresees risks will ensure resilience, competitiveness and secure digital development for years to come.
Read more at Woods LLP
licensed from https://www.weforum.org/agenda/2021/04/cybersecurity-business-ecosystems/