The Five Fundamentals of Cyber Security in the Era of Digitalization

“Change is inevitable, but the transformation is by conscious choice.” - Heather Ash Amara

Digitalisation is changing the way we do everything today. Who would have thought ten years ago that one could get almost anything at their doorstep with a few clicks on a mobile device? Similarly, at the workplace, large volumes of data are crunched near real-time to provide fascinating dashboards on mobile devices. A major reason is ever-increasing connectivity and it’s hard to tell what the future holds. One thing is certain though. The connectivity will only get better in the future because we have decided not just to change but to transform.

While this connected world has numerous advantages, it brings with it a unique set of cyber risks for enterprises and individuals. These cyber risks may cause financial, legal, health, safety, environmental or reputational losses to the company. The good news is that if the risks are well understood and acted upon in a timely manner, you stand a strong chance of going a long way in digitalization by transforming with the best of the technology streams available today.

"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett

This is an absolute truth for the cyber security world. What you build so carefully over the years can fall like a row of dominoes with the smallest oversight. At Cairn, this is well understood at all levels of the organisation. Hence, as the first fundamental of cyber security, we choose to do things differently and meticulously to ensure we are not building a house of cards. Cairn is a technology-heavy organisation with critical information infrastructures across various locations that form a critical part of our value chain. Not only is it important to do things differently for our business needs, but it is also crucial to do it with rigor because these are national assets. Cyber-attacks can have a devastating impact on a nation’s economy and even lead to loss of lives.

Imagine you have farmland. You will put a boundary around it to ensure its safety. The role of a security leader is no different – to know the digital boundary, keep the good in, and the bad out. Well, there is a caveat. You are sorted if you have the perfect idea of the boundary you are dealing with. In the digital world, with expanding connectivity, one may feel that the boundaries are diminishing, or, in some cases, there are no boundaries at all! The good news is that there is always a logical boundary that can be created provided you have an idea of where to draw the line.

Knowing our digital boundaries is the second foundational fundamental. There are several digital initiatives running in parallel across our technology platforms, on hosted premises or on cloud infrastructure. We strive to ensure that not only do we know our boundaries, we are also able to monitor and protect them constantly. The need for protecting our information is well understood. For us, cyber-security requirements are a priority, not an afterthought. This not only helps in protecting our investments but also ensures that the return on investments is not eroded due to a breach of a weakly designed system.

The third foundational fundamental is prioritization. You cannot treat your gold and silver alike. At Cairn, prioritization flows from the very top and is reflected across all business verticals. It is understood that not all information assets require equal protection. Some are more crucial than others. A detailed exercise helps us identify the mission-critical assets which require maximum protection for a business to survive. These are kept in consistent focus. Any other system that connects to these assets is also treated with due care, and so on. While nothing is left unattended, prioritization ensures that we protect our assets in an order that would protect our business if these assets were ever to be breached.

The fourth fundamental is to use technology to protect technology. In this era when a terabyte of information is created in a matter of seconds, people and processes would get overwhelmed if they were to perform at the speed of systems. This is visible in our choices as we select cutting-edge technology for our business initiatives and use a similar class of technology to protect these initiatives.

The fifth fundamental is to develop competency within an organisation. One may bring in best-in-class technology and design processes, but they would be of no use if the employees did not know what to do with them. It is a well-known fact that cyber security is heavily dependent on awareness among people. We believe that cyber security is a shared responsibility between the people who set its direction and those who execute it. This is closely related to the fourth fundamental and the two need to be in sync for a successful security program. Technology adds speed, and talented employees can add context and wisdom to a task.

It is important to see cyber security as a journey, not a destination. Based on business requirements, companies must know what they want to protect (be meticulous), where they want to be on their guard (define boundaries), what would be the order (prioritize), how they want to do it (use the right technology), and who will run the show (develop competency). While there is no end to what one can do to enhance cyber security, it is important to meet these fundamental requirements.

Amol Sable

Head, Red Team | Cyber Security enthusiast | Proficient at building and managing high performance cyber security teams

4 years ago

Quite insightful. Enjoyed reading. Thanks.

Rajkumar Manibharathy, CISSP

Senior Engineering Manager IAM Workforce/Customer

4 years ago

Yes, it is a marathon, with a lot of moving pieces (People, Technology, Competence, common sense)

Vikram Sareen

Seasoned Cybersec & AI Top Voice In Asia Pacific, Speaker, 5x Growth Booster. Advocate for Ethical AI and AI Automation. Solution Architect, Security Architect. Member ACID & AISA. Pursuing CISSP & Graduation@AICD.

4 years ago

Good share...

Rachna Tyagi

Sr. Global Technology Leader | 16+ Years | Portfolio Management | IT Infrastructure & Networks | PMP| NIT| Design Thinking

4 years ago

Good insights; the fifth and quite significant fundamental is well addressed with a regular mandatory training structure in place across the organisation for all employees.

Devesh Sharma

Cyber Security Enthusiast || Great Lakes Institute of Management || IIT Kharagpur || TAPMI

4 years ago

Precisely and concisely narrated with a lot of insights.
