While the digital transformation continues to advance, affecting every aspect of our lives (private, professional, social …) and fuelling evening conversations, IT risk does not enjoy the same visibility or the same enthusiasm. The word “risk” is negative and austere. We do not want to look at it or, worse, we want to run away from it.
It seems that we only become concerned about IT risk once a notable incident has already occurred. We tend to forget our grandmothers' advice, “prevention is better than cure”, and we rush headlong without realizing that danger is all around us.
Risk? What risk?
So where are we in the digital transformation? What is its correlation with IT risk? Why is this risk still underestimated?
Current picture of the digital transformation
We experience the digital transformation every day. It is part of our daily lives, and we quietly get used to all the innovations offered to us. Digital transformation is defined as the integration of all digital technologies into all aspects of human society.
This transformation impacts and transforms many parts of our professional or personal life. It affects in particular:
– Our resources: accumulation and analysis of data (Big Data), dematerialization of information systems (IS) to the cloud, greatly facilitated transmission of knowledge (thanks to Wikipedia, streaming videos …)
– Our objects: computers, tablets, smartphones, massive IoT development (connected objects)
– Our habits: BYOD (Bring Your Own Device), remote connection (and thus teleworking), ever-tighter digital links between the private and professional spheres, constant development of social networks …
It is now impossible to opt out of this transformation without being excluded from society (for example, some administrations now work only over the internet).
As with the invention of the printing press or the industrial revolution, it is impossible to sit out the digital transformation. For a firm, it is even vital to take part in it and to stay ahead of the competition. So it is not about to slow down!
What is the relationship between digital transformation and IT risk? What risks are we talking about?
As we have seen, digital transformation now affects all organizations, transforming their processes and creating increasingly porous information systems (IS). Inevitably, the digital transformation is accompanied by an increase in IT risk.
New threats keep emerging, and each day brings something new. Humans love riddles and challenges, so hackers work daily to find flaws in companies’ IT security!
Among the cyber threats that are now classic on the web, we can list:
– Major attacks such as ransomware, which evolve very quickly.
– Data breaches affecting both organizations and individuals. An attack on an organization will often impact individuals in any case.
– Lack of control over providers, who do not necessarily pay attention to their own IT security.
– Internal or external fraud in organizations
In addition, the BYOD practice raises a real issue of legal liability. Employees are increasingly mixing personal and professional data. But if a problem occurs, is the employer liable or the employee? Everyone needs to protect themselves against this legal risk.
Another major problem is that IT risk is generally not managed upstream. Too often, organizations make decisions on this topic only once a serious incident has occurred. Worse, some even wait for the law before taking action. But don’t judge them: laws had to be passed to make everyone wear seat belts (well, I hope you do 😉).
In fact, risk management needs to be thought through at the beginning of the process, so that it best meets both the organization's need for protection and the needs of the users.
“It is imperative to integrate security from the beginning of development, otherwise it is much more expensive in case of an attack.” Guillaume Poupard, Director General of ANSSI
Failing to manage risk, or implementing risk management poorly, is a sign of disinterest from decision makers and shows how difficult it is to implement a good IT security policy.