Just how important is your company’s data? What would you do to safeguard it? These are questions I ask organizations every day to help them defend their systems from intrusions. In this post, I will explain how companies can mitigate the risk of a cybersecurity crisis. We live in an era of abundant digital data, and computing resources to make good use of it all. It’s natural for entrepreneurial executives to think inventively about how to digitally transform their firms’ systems and customer interactions. But these new systems must be designed with security in mind — baked in from the start. With careful planning, you can have an agile organization that innovates and manages risks effectively.
We know that IT leaders are paying attention. But are they paying attention to the right things? When asked by Gartner to identify their priorities, 88% said cybersecurity was a top focus, showing that the traditional security concerns of IT leaders – access to machines and systems – are as important as ever. However, when TCS asked CIOs specifically about data security, only about a third (34%) said they oversaw such work.
While data security should be the responsibility of every business leader who collects, uses, and distributes data for an enterprise – and some companies have named executives solely in charge of this security who may not be the CIO – CIOs in particular need to update their focus. That’s because, by their own admission, large companies have big plans to use the voluminous amount of customer data they’re collecting — one insight from the TCS 2020 Chief Information Officer Study, whose findings are now coming to market.
The study, conducted by our TCS Business 4.0™ Institute, surveyed 1,010 CIOs and other IT executives from North American and European companies in 11 industries. Of particular importance to these companies is marketing and sales customer data.
For example, 71% rate data on what customers say about their firms in online channels as extremely or highly important to the future growth of their company. Sixty-three percent cite the same priority-level importance for data on what products and services their customers buy from them. And 61% say data on how customers find out about their company and its product and service offerings is highly or extremely important.
Certain types of data are more important in certain industries than in others. In banking and financial services firms, the automotive industry and hardware and software companies, CIOs said reputation data, such as what customers are saying about the company in online channels, was of primary importance – whereas for telecommunications CIOs, it was that kind of data, plus distribution data and production data that all seem equally important. (Note that in our survey, respondents could rate the importance of more than one data category.) More industry-specific findings from our CIO Study will be released in the coming months.
Data at Risk
Clearly, the data coursing through the systems of large companies carries great value, and they continually find better ways to use it. Also consider that many companies give customers mobile apps and internet-connected products. Each of these connected digital devices is a touchpoint through which companies interact with customers in marketing, sales, customer service, payments and more. And each of these billions of collective touchpoints represents a potential point of attack for criminal hackers, disgruntled employees and others to exploit.
With so much data to handle, companies must develop fresh approaches to securing it all. The data itself is more varied. Much of it is unstructured and in formats like text documents, spreadsheets, images, videos, and audio files. Companies can’t control all of the computing devices that hold their data; each IoT device is a potential entry point for an attacker. And the regulatory landscape under new privacy rules like the European Union’s 2018 General Data Protection Regulation means enterprises doing business in the EU must protect their customers’ personal data.
Such a world calls for making cybersecurity an integral part of any digital transformation strategy. It should include four components:
1. Cybersecurity must be data-centric. Instead of focusing on a warehouse, a facility, a geography or a system, a company must commit to protecting its data — especially its customers’ data — wherever it resides.
2. Cybersecurity strategy must be flexible. Regulations will continue to change. Connected devices will proliferate. Data will continue to multiply. A company’s security strategy must be able to change dynamically.
3. Cybersecurity must emphasize predictive capabilities. Ideally, companies should have the cybersecurity capabilities to identify and mitigate risks before they become a problem. Stopping a hack attack from occurring in the first place should be the priority. Data analytics and artificial intelligence must play a major role in pinpointing problematic transactions and probing intrusions so that companies can take steps to shut down emergent threats.
4. Cybersecurity must be inclusive, encompassing the protection of both the company’s intellectual property and its customer data.
This will mean incorporating risk analysis into systems design and building cyber protection into all aspects of an organization’s business, from employee training to sales to finance to operations. It means finding and training the right people to lead a cybersecurity effort – one that prioritizes security threats and responses to operational data, customer data, and repairs to systems that connect to external networks like the internet.
We know that data is central to business. We know that cybersecurity is top of mind. We need to ensure that the two go forward hand in hand from day zero to safeguard everyone’s work—and the critical data that makes that work possible.
My colleague Sachin Khalap and I have written more about this subject. You can read the article “Proactive Protection: How Companies Can Secure Customer Data in a Hyper-Connected World” here.
About the author(s)
Satish Thiagarajan is the Global Head, Cyber Security Practice at TCS. Satish has over 24 years of experience across industries and IT involving consulting, business analysis, process re-engineering, and concurrent multi-project delivery management in Application Support, Infrastructure Management, Enterprise Security and Testing. At TCS he is the Head Enterprise Security and Risk Management, Head Technology Office and Head of Testing Centers of Excellence. Satish has handled multiple roles, including Business Analyst, Application Support Manager, Relationship Manager, IS Practice Director, and Global Practice Head, and has worked across domains like Application Development and Maintenance (ADM), Infrastructure Services (IT IS) and Testing (Assurance Service).