Sponsored Content
Any organisation looking at digitalisation needs to put security at the top of the agenda from the very outset
Investing in new systems without taking their security features into consideration is comparable to buying a car with no brakes or airbags because you hadn’t taken into account the need to stop the vehicle at some point. That’s the view of Dani Michaux, KPMG Ireland’s new Head of Cyber. Michaux’s mission is to get businesses thinking about a digital system’s security at the outset.
“If you think about security at the point of design, implementation of controls is much cheaper," says Michaux. "Technology has advanced and a lot of security capabilities are readily available with new technology - it’s just a matter of thinking about it. It would be the same if we bought or built a house without doors, windows, keys and burglar alarms. We don’t plan to be burgled but we should not make it easy for the burglar either.”
Costly Vulnerability
The penalty for such lack of foresight is not just vulnerability to attack. “If you buy a system without security built in, it can cost up to 30 times more to install later,” Michaux adds. “If you have a system with zero security and a security professional comes along later to fix it, it will be very expensive. Who is going to bear that cost? Will it be your customers through price increases? The other option is reduced profit margins.”
In Michaux's view, a change of mindset is required. “You have to believe that you are going to be attacked. Cyber is the same as any other type of risk for business. You have to invest in controls, security measures, and insurance. Businesses have to be aware of risks posed by supply chain as well. The moment one company gets hit by a cyber attack, the likelihood is that another one will be impacted due to the large interconnectivity and information sharing. It’s no one’s fault but every organisation should be prepared and secure its own data, whether they are the main target or just collateral damage of an attack.”
Digitalisation Risk
Cyber risk is also being ramped up by digitalisation. “This is one of the big issues and a major challenge,” Michaux explains. “Companies want to improve the customer experience and are using huge amounts of data to do it. The flip side of that is that a lot of people don’t realise these technologies have risks.
“Everyone is moving to the cloud now and soon there are not going to be on-premises licenses anymore. People think that cloud services from a major provider are secure. But companies can’t just rely on things to be inherently secure – they have to ensure the correct controls and measures are in place.”
However, digitalisation can also be seen as an opportunity. “The best option is to stop and think about security, and ask the basic questions about it before you buy a new system,” Michaux advises. “No one likes the fact that they can be attacked. But when you are replacing or investing in new systems, you have to design in security at the beginning.
"Any organisation looking at digitalisation needs to put security at the top of the agenda from the very outset. The cost is prohibitively high if it is left until later. We have to look at digitalisation as an opportunity to embed security in the business.”