How small businesses can mitigate the dark side of digitization
I'm Zahier Madhar, and I'm honored to work as a Lead Security Engineer and Check Point Evangelist. I've been part of the Check Point team since 2012, and my journey in the industry began in 2006. I'm dedicated to helping Dutch companies boost their cyber security. Outside of work, I enjoy practicing Krav Maga, going for runs, and staying updated on cyber threats using Check Point's research (https://research.checkpoint.com), Telegram, and various forums.
In this brilliant interview, Check Point expert Zahier Madhar offers astute and thoughtful insights into the state of digital transformation for non-traditionally digital businesses. Discover ultramodern trends, original thinking, and actionable security strategies. Don’t miss this!
Can you share a bit about the trends that you’re seeing in terms of every business becoming a digitized business?
Companies are digitizing more than ever before. The digitization has been driven by a variety of reasons, such as reducing costs, reaching a larger audience, and enhancing customer experience, among others. This trend is not limited to large enterprises, but extends to businesses like the bakery next door. In the modern world, even the local bakery is embracing digitization. The reasons behind these transformations are often similar to those of larger companies.
For instance, many bakeries are incorporating smart or connected ovens. These ovens allow bakers to upload or program baking processes, making the baking process more efficient and dynamic. Additionally, numerous bakeries have adopted webshops, enabling customers to order bread online for convenient pickup, resulting in a direct increase in sales. E-commerce plays a crucial role in attracting more customers to both the physical shop and the online platform.
To streamline operations, the Point of Sale (POS) system is connected to the internet. This reduces administrative tasks. This integration enables the bakery to focus on what they do best — baking bread. Like any other business, the bakery is constantly seeking opportunities to enhance efficiency, increase customer satisfaction, and reach a wider audience, ensuring that the process of digitization never comes to a halt.
A big step in going digital is using cloud technology. This allows businesses, including bakeries, to become more flexible and scale their resources based on demand. Cloud technology enables the bakery to host its website, webshop, and POS system efficiently.
Another noteworthy step in digitalization is the use of Artificial Intelligence (AI). AI is widely employed for data analysis, predictive analytics, and personalized customer experiences.
Even a bakery can explore using AI for digital transformation. For instance, by analyzing purchasing history, AI can customize marketing campaigns and implement dynamic pricing based on demand and time of the day.
Finally, the Internet of Things (IoT) is a key component of many companies. Organizations are incorporating smart screens, camera systems, and climate control to enhance convenience for employees and to save on costs. Continuing the analogy above, the bakery is leveraging IoT in its digital transformation journey. From smart ovens to temperature monitoring and energy management, IoT applications enable the bakery to operate more efficiently, receive alerts during the baking process, and achieve cost savings.
Can you provide an overview of the positive and negative aspects of this trend, especially as they relate to cyber security professionals?
Security is the most important concern in digital transformation. Digitizing requires adopting a robust cyber security strategy, enabling the business to undergo transformation in the most secure way. The digitalization of the business introduces various technologies such as cloud, SaaS, IoT, and AI, allowing employees to work from any place at any time.
In the example for the bakery, it means that the baker can monitor the baking of the bread while he is working in the shop serving customers. This flexibility is a significant advantage for business continuity. However, it also makes things challenging for security experts.
The process of digitization blurs the borders between secure and unsecured networks, increasing the attack vector as more technologies are connected to the internet. More connections mean a higher chance of data breaches. So, it's important for security experts to be there from the start and to stay involved as digitization keeps going.
| Pro | Con |
| --- | --- |
| Flexible | Security |
| Efficiency | Maintenance |
| Improve customer experience | Knowledge |
| Innovation | Complexity |
| Expand market reach | Compliance |
| Improve communication | Data privacy |
| Marketing | Trust |
| Digital payments | Integration |
| Scalable | Monitoring |
Given the above, what specific challenges do you foresee for non-traditionally digital businesses in terms of data security?
It is essential for everyone to have a basic cyber security awareness knowledge, similar to understanding the importance of locking the door when leaving the house or wearing a seatbelt while driving. This awareness is crucial in recognizing phishing emails, avoiding malicious links, and refraining from opening unknown files from unfamiliar storage devices.
However, implementing the correct security strategy to support the digitization of a non-traditionally digital business requires the expertise of a security professional. Employees also need to undergo awareness training on how to handle data securely. Having a security professional and doing training usually costs money, and limited budgets might make it a challenge.
Also, there are other things to think about that require a security professional, like keeping data private, watching for security issues, and doing routine maintenance. These additional aspects are important for keeping a safe digital space and need careful attention.
To summarize, the challenges would be budget, the right technology, knowledge and awareness.
Do you think it’s realistic for our world to effectively demand that every business owner and operator become a digital and cyber expert?
No, I don’t think so. It isn’t realistic to expect every business owner and operator to become a digital expert. What I believe is realistic is that every business owner and operator has basic knowledge, such as using strong passwords (MFA), being aware of phishing attempts, and ensuring that software is kept up-to-date. I also think it's practical for business owners to be security champions, making sure that steps taken for digitizing the business are done securely.
For businesses like bakeries, what strategies do you think are effective in maintaining simplicity and sufficient cyber security?
A basic plan doesn't need to be complicated. There are a few effective items that can be taken care of even by non-security professionals:
1. Ensure that employees have basic knowledge like not sharing passwords, using strong passwords, and recognizing phishing attacks.
2. Keep all devices up-to-date with the latest software updates.
3. Separate the guest Wi-Fi from the work network to enhance security.
4. Schedule regular scans with the endpoint security client to ensure no threats are overlooked.
5. Maintain a list of all hardware and software products, along with their versions.
A good next step would be to enhance the security architecture to prevent more complex and advanced threats targeting the broad attack surface introduced by digitization. Check Point provides a unified architecture focused on preventing threats across various attack surfaces. Additionally, the architecture introduces a standardized cyber security language to create a security policy that enables any type of company to conduct their business securely over the internet.
A strong follow-up to this is creating an incident response plan. For instance, ensure you have contact details for an incident response team that you can reach in case of an incident. If you don't have one, take note of the Check Point incident response team at +1-866-923-0907 (https://www.checkpoint.com/support-services/threatcloud-incident-response). Understand the impact on the bakery and inform the employees promptly.
How else can the risks associated with the ‘dark side of digitization’ be mitigated?
I highly recommend that every type of business embrace digitization to maximize efficiency. Security should always be an integral part of the overall strategy.
For large enterprises, I strongly advise implementing a security strategy that comprehensively covers all attack vectors. This can be achieved through a consolidated platform, which lowers the risk of misconfigurations, provides better visibility, and simplifies security tasks. The platform should be API-driven to facilitate automation and integration with third-party solutions.
Remarkably, enterprise-grade security and technology are now accessible even for smaller businesses, such as the bakery next door. Check Point offers solutions tailored for small to medium-sized businesses, allowing them to leverage the right technology to address the diverse attack vectors associated with digitization. The Check Point solution provides a consolidated architecture that is easy to set up and maintain, even for those without extensive security expertise. It secures networks, mobile devices, endpoints, cloud email, and SaaS apps.
In summary, my strong recommendation stands: Every business, regardless of size, should embrace digitization to enhance efficiency, with security integrated into the core of their strategy. More information about the available solutions for small and medium businesses can be found here: https://www.checkpoint.com/solutions/small-medium-business-security.
Based on your observations and analyses, what are the key takeaways for CISOs and cyber security professionals here?
Digitization sounds appealing and is currently a trend. It is tangible, making many business owners proud as they modernize their processes. However, when something goes wrong, the impact can be significant — customer data might leak, passwords might be stolen, or smart IoT devices could become part of a botnet.
The world is more digital than ever, and there's no reason to believe this trend will stop. Digitization requires cyber security involvement at every step, from regulations to technical details.
1. Digitization adds value to any business.
2. However, the dark side is that it increases the attack surface.
3. The role of a Chief Information Security Officer (CISO) is crucial to realizing a secure and future-proof transformation.
Is there anything else that you wish to share with the Cyber Talk security community?
The key to successful digitization is integrating cyber security, from regulations to technical details. This ensures that the transformation is future-proof and secure, making it easier to adopt new regulations like NIS2 and expand the range of products connected to the internet while mitigating potential risks.