In the coming years, organizations will rush to conduct digital transformation programs in order to stay relevant in the marketplace – winners will dominate industries and losers will be left behind. However, as organizations race to adopt cutting-edge technology to digitize and automate, hurried and weak integration with underlying, legacy systems will lead to disastrous outcomes.
Organizations will create new applications, deploy AI and other tools (using different protocols and technology) which are expected to work seamlessly with existing and legacy systems. Consumers and dependent supply chains will lose trust in organizations that do not integrate systems and services effectively. Digital transformations will attract the attention of opportunistic attackers, who will target transitioning organizations that hold sensitive information, such as credit cards or personal details, exploiting new vulnerabilities as they are introduced.
Organizations that have built digital transformation programs on top of legacy systems will find that they have introduced new attack vectors and exposed previously hidden vulnerabilities. They will also experience availability and supportability issues, leading to service disruption as older technologies struggle to deal with step changes in performance requirements that newer technologies demand.
What is the Justification for This Threat?
The corporate desire to digitize and automate is significant across a range of industries. However, a survey by the Center for Digital Government found that 70% of respondents depend on legacy applications (built using COBOL, PowerBuilder, etc.) for their operations. Legacy technologies often underpin core business functions but are usually cost-prohibitive to redevelop.
Organizations may aim to implement during a digital transformation. Emerging next-generation technologies such as blockchain, machine learning and robotics promise to increase efficiency and make operations more streamlined, thereby convincing organizations to undertake increasingly complex digital transformations with a range of new, immature technologies. Ill-conceived, rushed or botched digital transformations will create opportunities for compromise by exposing new or previously hidden vulnerabilities.
In many cases, organizations will rush to keep up with competitors, with many executives falling prey to the ‘shiny object syndrome’: investing in ‘cool’ digital technologies without a clear understanding of how they will generate sustainable value. According to a global survey from Couchbase of organizations that have undertaken enterprise digital transformations, the majority of respondents agreed that the pressure to digitally transform causes companies to rush into projects too soon, with potential wasted costs reaching an average of $28m per organization.
Digital transformations will also have a significant effect on the organizational workforce as skillsets are computerized and absorbed into the functionality of machine learning or other more automated technologies. The resultant de-skilling of the workforce will present challenges for continuity and resilience initiatives in the event of a technology outage, should organizations become entirely dependent on technology for a range of products or services.
The potential harm a botched digital transformation can cause was demonstrated by an outage at a UK bank, TSB, in early 2018. Rushed, inadequate testing and poor internal communication led to over 1.9 million customers being unable to access their accounts, with many reports of fraud being associated with the outage. Many other large organizations have also struggled with the complexity of digital transformations, such as General Electric, which faced significant delays and technological issues during a large digital transformation program in 2015.
It is highly likely that the hype surrounding new technologies entering the marketplace will drive business leaders to pursue ever more complex digital transformations. Rushing digital transformations will destroy consumer trust, attract the attention of opportunistic fraudsters and lead to financial and operational damage.
How Should Your Organization Prepare?
Organizations that undertake a digital transformation of any kind must carefully consider the risks that new technologies may bring, as well as how they are going to effectively integrate with legacy or underlying systems.
In the short term, organizations should review whether planned digital transformation programs have a sustainable dependency on legacy or underlying systems and assess new risks introduced by a digital transformation. Organizations should also prepare an action plan that includes regression testing and ensure that fail-safe principles are built into the digital transformation program.
In the long term, organizations should engage with other parts of the business to ensure that the information security function is involved during the planning stage of digital transformation programs, and should leverage those programs as an opportunity to champion the removal of legacy or insecure systems.