“Security is everyone’s job now.” These are wise words from Amazon’s CTO Dr. Werner Vogels, especially for companies embarking on a digital transformation or accelerating their journey.
Why should we all consider this advice? A recent report released by McKinsey[i]shows impressive figures: More than 100 billion lines of code are created annually, and hackers produce some 120 million new variants of malware every year. A strong Cybersecurity strategy is essential. Gartner research predicts that “By 2020, 60% of digital businesses will have suffered a major service failure.”[ii]
Cybersecurity is a business issue
Is it any wonder, then, that Cybersecurity issues keep all of us up at night? The fundamental issue is not about developing new Cybersecurity capabilities as part of business strategy. Instead, it’s about integrating them seamlessly.
What do I mean by that? Here, we need a big shift in mindset: first, in thinking that adding a Cybersecurity layer will make software and products more complicated to use and, second, in regarding Cybersecurity only as an IT issue.
In that context, here are three approaches central to a Cybersecurity posture:
Digital user-experience: Cybersecurity cannot be an afterthought; it must be completely embedded in the user experience. Worsening the user experience or adding friction can prompt users to find a “work around” that can ultimately – and unintentionally – worsen the overall security posture.
Everyone’s problem: We must find a way to make Cybersecurity something that everyone at a digital company thinks about — even without overtly thinking about it. About two-thirds of malware linked to data breaches or other incidents last year came from malicious email attachments.[iii] It takes just one bad click to open the gates to the nefarious cyber underworld. So, Cybersecurity must become engrained in each of our daily actions. As a global company in over 100 countries, Schneider drills down to the individual level, providing ongoing learning and enablement about Cybersecurity.
A layered approach: For any company, a perimeter defense is not enough in today’s digital world. Everyone is connected constantly — from our homes, smartphones, and across the distributed enterprise network. A layered approach is essential as we cannot just rely on a moat — as wide as it is — in today’s hyper-connected world. For that perspective, the NIST framework[iv], is an incredibly useful reference as it defines different levels of defense (version 1.1 of the NIST framework was released on April 16th, 2018), from the identification of risks to the recovery from incidents (resilience).
The power and profit of IT/OT convergence
The Schneider Electric Cybersecurity strategy doesn’t mean only building higher walls around the perimeter; instead, it means multiple tiers with a well-defined “detect and response” strategy front and center.
No company is a castle; in one recent example, hackers even infiltrated a casino’s database through a seemingly innocuous smart thermometer in its lobby aquarium. Considering its global footprint and presence, Schneider is exposed to the risk of Cyberattacks and data privacy breaches just like any organization. With the rapid convergence of IT/OT, moreover, fueled by the Internet of Things, we adopt Vogels’ stance that, “Everyone should be a security engineer in a digital company.”
From our “Cybersecurity by design” approach across our IoT-enabled EcoStruxure™ architecture to our ensuring that both IT and OT stakeholders have a seat at the Cyber-strategy table, we drive digital transformation with a strong Cybersecurity posture. We pave the way for our customers and partners to thrive in the digital economy. Rest assured.