The Digital Risk Protection Blog

5 ways digital transformation increases digital risk

Written by Justine Siebke | 01-Jun-2020 12:00:00

Businesses start their digital transformation journeys with a focus on the opportunities it offers. For many, successful transformation means a stronger user experience and online presence, streamlined processes and business ecosystem and enhanced productivity. 

But there’s a flipside to new digital technology, platforms and ways of putting your data to work. A digital upgrade can open up new possibilities for digital supply chain security breaches that you may not have encountered in the past. So when it comes to a successful transformation, make sure that digital risk protection is hardwired into your digital transformation strategy. 

To see what we mean, here are some examples of risks linked to digital transformation, new tech investments and high tech changes to your operating model.  

Successful transformation and Test-dev environments 

With Agile development, workloads and service delivery can be distributed. This type of digital platform can make it a lot quicker (and cheaper) to create new services and improve existing digital tools. Often, the Agile process involves the use of rapidly spun-up, Cloud-based test-dev facilities: useful for projects where time is of the essence. 

Keeping development workloads secure should be a top operational priority for your chief digital officer. If these facilities house-cloned production data and proprietary business information for prototyping and testing software, you will not want their contents to fall into unauthorised hands.

As part of your digital strategy, you should check the security of credential breach protection of potential test-dev environments carefully. This includes looking carefully at how these services are configured, accessed and secured to prevent data loss and theft. The same goes for any other third parties that form part of your digital supply chain. 

Self-service

With customer-centricity in mind, making life as easy as possible for customers is a very common digital transformation goal for business leaders. Successful transformation may include extensive changes to your existing platform for an enhanced customer experience, to boost customer service and meet customer expectations. For regular, frequent purchases (e.g. razor blades and pet food), this includes the creation of zero-hassle subscription services utilising a digital form. 

To enable this type of digital upgrade, you may turn to an established merchant services provider. But just be aware that these third-party providers make very attractive targets for hackers.

Tip for your digital initiatives linked to digital transformation: OSINT (open-source intelligent feeds) are a source of useful updates on security issues impacting any third-party services you may be signed up to.   

Custom-built web experiences

Compared to relying on third-party merchant services for your digital initiatives, does building your own site make you less vulnerable to cyber-attacks? Not necessarily. Especially if your web experience and successful digital transformation rely on digital plug-ins.

A type of attack surrounding digitalisation, known as SQL Injection can be used on sites where JavaScript plugins are used. This type of attack is a similar digital version of those gadgets stuck on cash machines to skim cards and capture pin details. Except, in this case, fraudsters can get access to extra valuable data like address, password and email details. As an illustration, British Airways and Ticketmaster are among at least 80 major ecommerce sites that have been hit by the Magecart hacking group over recent years.

The moral: when it comes to digital change, even enterprise-grade, custom-built websites and software applications can be exploited. The size of the company or business ecosystem is not a barrier to digital transformation being threatened by digital risk. Vigilance is key to protection, including regular and frequent scanning of your existing infrastructure, core business and website content to check for unauthorised additions. 

Expanding the brand

For many companies, digital transformation involves building an active presence across multiple channels, especially social media. Successful transformation is all about building relationships and engaging with customers, however, they choose to reach out to you. 

But the more digital channels you have open, the more scope there is for fraudsters to exploit them. ‘Typosquatting’ is a prime example. In this form of phishing, fraudulent messages can divert customers to fake websites with very similar domain names to genuine companies. From here, customer details are captured, or malware added to their device. 

Third-party services are available for domain monitoring purposes for potential typosquatting sites. Signing up for such a service can potentially help stop an attack before it happens.  

Artificial Intelligence (AI)

Closely linked to big data data analytics, digital marketing, and the internet of things, ‘AI’ digital technology has become a mainstream part of digital transformation and digital disruption. Now, machine learning and other smart technologies are being put to work by organisations large and small as part of their strategy. 

Just remember when embarking upon transformation; your chatbot may be labelled “smart”, but this doesn’t make it invulnerable to cyber attacks. Chatbots, or virtual assistants, can be vulnerable to six different types of attack including impersonation and data theft.  

Tampering is another form of digital attack that can threaten your digital innovations. For instance, when Microsoft announced the launch of a digital transformation focused AI chatbot over Twitter, it took less than 24 hours for unethical users to train it to be racist. Hardly an example of successful transformation! If the input data or the AI-driven platform itself is compromised, your AI technology is open to compromise in the same way as any other digital transformation tool. You can reduce risk by deploying techniques like requiring authentication from users, strong data encryption and continuous monitoring.

Whatever form your digital transformation takes, make sure you have reliable cyber threat intelligence at your fingertips to scan for threats. This element is key to a successful transformation.