Thursday, January 31, 2019

Enterprise digitalization and cybersecurity: How companies struggle

Cybersecurity Workshop at Zeppelin University
Last Friday, 25.01.2019, I attended the Cybersecurity workshop of the "Bodensee Innovationscluster Digitaler Wandel" (digitalization). The innovation cluster is organized by the Zeppelin University in Friedrichshafen. It tries to bring together companies from the wider Lake Constance region that are impacted by digitalization. The researchers have identified four topics that will be addressed:

  • Impact of artificial intelligence (AI) on the business model and on society
  • Life-long learning and technology - company-internal acceptance
  • Cybersecurity
  • Digital sustainability management
The event drew about 40 attendees from local companies, police and some universities. The afternoon was divided into two tracks. One covered the technical aspects (white hat hacking / pen-test, mitigation and forensics), the other the management view (compliance / risk management, liability).
Many companies started to look into cyber security and by ordering a penetration test.

From the discussion, most companies are struggling to adequately address the security issues. A reason is that a good chunk of issues can only be addressed by organizational change or by replacing old systems (not supported by vendor, software no longer available or maintained). Similar to reliability and failover tests, there needs to be emergency training on how to react after systems were hacked. Often, enterprises have not a full overview of their systems (shadow IT?) and hence do not even have early incident warnings. It is not uncommon that white hat hackers find systems with residues of earlier hacks - quite disturbing.

Here are some resources on that topic that I find quite useful:

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.