Resilience by Design: Embedding Security into Digital Transformation

The Internet’s connectivity is both a strength and a vulnerability, says Ayush Sharma, the Chief Technology Officer of StarHub. As industries and governments embrace digitalisation and continuously transform their technological stacks, the risks related to infrastructure and data exposure are exacerbated, he noted.

With cyberattacks like ransomware, phishing, and distributed denial-of-service (DDoS) attacks becoming more sophisticated and common, how can organisations ensure they remain operational and well-positioned to recover quickly from cyber disruptions?
 

Resilience cannot be an afterthought

To establish genuine resilience, mindsets need to shift towards integrating it into the very fabric of digital transformation strategies, rather than treating it as an afterthought. This isn’t something that can change overnight, however.

According to Sharma, cyber awareness and resilience programs must receive the same level of attention from the board and leadership teams as risk management and compliance. This is significant, considering that organisations have traditionally viewed cyber protection and resilience as isolated functions within infrastructure and technology.

This shift begins with a comprehensive cyber-resilient blueprint and manifesto using a top-down approach. It should include the use of related technologies like AI and safeguards to protect both organisational and customer data.

What about the network? How much attention should it receive? As the CTO of a telecommunications provider, it’s perhaps unsurprising that Sharma believes network resilience should be prioritised from the start, along with observability, automation, and cyber defence.

His reason is solid: “Network resilience is crucial not only for service continuity but also for quality. The network [also] serves as the vital link between active and backup infrastructure and data.”

“Business continuity and disaster recovery processes should be tested regularly, while organisational readiness and defences must be evaluated frequently through tabletop exercises and random audits,” he added.
 

Building resilience into critical systems

When it comes to enhancing the resilience of critical systems, governments and organisations must prioritise a holistic risk management framework to identify, assess, and mitigate risks, says Philippe Bletterie, Vice President of Strategic Verticals and Partnerships at Alcatel-Lucent Enterprise.

He recommends the Zero Trust model, which continuously verifies and authenticates every user and device, as ideal: “By embracing the ‘assume breach’ mentality, stakeholders must assume that attackers will eventually penetrate your defences. The focus must be put on limiting the impact of a breach through micro-segmentation, data loss prevention, and rapid recovery mechanisms,” he said.

Automation of security tasks, such as threat detection and incident response, is another vital component, given the importance of speed in responding to cyberattacks, says Bletterie.

“Take advantage of modern secured notification and workflow management systems to streamline communication and response processes during security incidents by securely and promptly delivering critical information to relevant stakeholders.”

Bletterie emphasises that fostering a culture of security is as important as the technology used. A security-conscious workforce can be cultivated through continuous training and awareness programs, empowering employees to identify and report potential threats, he says.

It’s intelligence that wins the war

Scott Jarkoff, Co-Founder of Praeryx, views the failure to integrate cyber threat intelligence into core operations as a common mistake enterprises make. This oversight leaves systems exposed to “a constantly shifting and increasingly sophisticated threat landscape,” he explained.

“True resilience comes from embedding intelligence into the very fabric of decision-making… By cultivating a deep understanding of adversary tactics, techniques, and procedures, organisations can transform their security posture from responsive to anticipatory, where the capacity to innovate is grounded in a profound awareness of the risks inherent in transformation,” said Jarkoff.

He believes agility and cyber security should not be seen as opposing forces but as intertwined, with intelligence serving as the bridge that aligns innovation and risk management. Intelligence becomes even more crucial with the rise of technologies like AI, ML and IoT, given the larger threat surface and potential vulnerabilities of networked devices and systems.

“Automated systems, continuously fed by intelligence, allow organisations to adapt with precision and speed, safeguarding their networks in an environment marked by constant flux. In aligning intelligence with innovation, enterprises can seize the future and secure it, ensuring resilience is a function of foresight rather than hindsight,” Jarkoff summed up.
 

Best practices for resilience

Are there best practices for enhancing resilience, both in technology and the human aspect of cyber security?

Bletterie suggests a user-centric security design that is user-friendly and intuitive: “Complex or cumbersome security measures can lead to workarounds and increase risk; overly restrictive security measures can hinder productivity and frustrate employees.”

Finally, there is no avoiding security awareness training. CISOs must implement processes to regularly educate employees about evolving cyber threats, social engineering tactics, and security best practices, he says.

Gamifying the process through quizzes, challenges, and rewards could make security awareness training more engaging and effective, helping to foster a security-conscious culture, notes Bletterie.
 

Join Scott Jarkoff at his panel session on “Holistic Approaches to Cybersecurity Risk Management” (16 Oct) and Philippe Bletterie at his track session on “Building a Resilient Cybersecurity Strategy for a Dynamic Digital World” (17 Oct). Additionally, tune into Ayush Sharma’s Tech Talk session on “Securing Smart Nation: Network Resilience for an Interconnected World” (15 Oct).
