It is estimated that, by 2021, cybercrime will cost the world $6 trillion annually. This staggering development “represents the greatest transfer of economic wealth in history,” risking money that target organizations might otherwise invest in innovation.
Cybercrime is becoming such an enormous problem because of the proliferation of new types of digital risk. These new threat vectors are the flipside of digital transformation. If they want to stay productive, reach customers, and remain competitive, businesses need to embrace social media, collaboration apps, and messaging apps. However, it is in these new and underprotected channels where the new forms of digital risk present themselves.
To simultaneously combat the growing sophistication of cyber-criminals and continue to embrace new digital technologies, cybersecurity teams must adopt a Security by Design Approach when utilizing cloud applications.
Security by Design: Proactive, Not Reactive
Cloud SaaS and mobile chat applications touch on every key part of a modern enterprise. Customer data lives in the CRM; business communications take place over collaboration platforms like Slack; digital-first sales teams reach out to prospects over WhatsApp; the marketing department spends thousands on social media ads. Across the business, everything now happens in SaaS applications.
This new reality means that traditional security models are showing their age.
For decades, security has adopted a reactive position, relegated to one team. In general, security tools are bolted on to existing systems, achieving minimum compliance, and then barely examined again. Only 36% of new, technology-enabled business initiatives include the security team from the beginning. In this day and age, this results in a purely reactive stance:
- The marketing department isn't worried about an account takeover until it happens, and then they begin scrambling to try and deal with it.
- Someone in sales discovers a fraudulent website, and only then do they start trying to get it taken down.
- HR finds out that a group of employees is bullying another employee over Slack, and has to go and investigate – weeks after the issue started.
- One of the compliance team discovers that a sales rep has been discussing noncompliant topics with a potential customer, and only then try to correct the behavior.
This reactive position is a very risky one. If you are only trying to deal with incidents once they have already occurred, you are setting yourself up for unwanted growth distractions. Vulnerabilities are always there, because cloud applications like LinkedIn, Facebook, and WhatsApp were not built with security and compliance as a priority.
Alarmatist as it might sound, without the right protection, it is probably only a matter of time before a bad actor succeeds in socially engineering your employees on social media for financial gain, or gains access to your Slack or Microsoft Teams instance and steals your IP.
Security by Design: Better Foundations, Better Growth
The digital risk protection (DRP) technology now exists to apply security layers to everything an enterprise uses: the CRM, the collaboration tools, the channels used to interact with customers, and so on. These DRP tools harness machine learning to proactively monitor cloud channels for potential digital risks at a scale that is impossible for human teams to deal with. Proper cyber security can be established at the level of the application (not the device), enabling security personnel to proactively catch, quarantine, and remediate threats before they become crises.
However, Security by Design isn’t only about security. Once security is baked in to an enterprise approach, so that tools and platforms are secure from day one, ancillary business benefits are generated. When you are proactively and automatically monitoring your cloud channels, whole new datasets are generated. These can then be piped via an API into a business insights engine. Compliance issues can be monitored in real time, at a massive scale, in multiple languages.
Understood correctly, security by design isn’t just a security tool; it’s a business enabler. Rather than security being a bolt-on that sits awkwardly on top of the revenue engine, it is the engine.
The business benefits of Security by Design compound, because people value privacy. This is evident in the millions of users signing up to the Brave browser every month. Consumers are sick of receiving the email informing them that they are part of another data breach. As Ernst & Young put it, “when data confidentiality, integrity or availability are compromised, or products and services cease to perform as expected, trust built over years can be lost in a day.”
Increasingly, being able to present yourself as a company that is truly prioritizing security is a major market differentiator. By moving toward a proactive security model, you both better protect your company and your employees from attacks, and better satisfy customers.
Digital Risk Protection by Design
When digital risk protection is woven into proceedings from the beginning, security teams can stop being the Department of No. Faced with the needs of the rest of the enterprise to innovate and embrace new technologies, they can say yes with confidence.
In turn, executives and board members can begin to consider cybersecurity as fulfilling a positive and empowering function that helps drive business growth. Security can be built into a fundamental understanding of all processes across all lines of business. Security becomes, in effect, tantamount to revenue. When effectively protecting the organization is understood as basic financial prudence, including security at the inception of a product or service becomes an obvious best practice.
A version of this article first appeared in Cyber Defense Magazine.