Digital strategies have driven immense digital transformation over the past few years. While this transformation has undoubtedly brought many benefits, it has also added to the complexity of doing business today. Risks and threats evolve daily as a result of widespread connectivity, the use of internet-enabled devices and processes, and sophisticated criminal actors.
Jon Crowcroft states that “Computer and communication systems are both fragile and vulnerable, and so the risk of catastrophic loss or theft is potentially much higher. A single keystroke can delete a public database, or expose a private dataset to the world.” (Duality of Resilience and Privacy, 2015). This underscores the point that digital resilience has become a business issue.
Achieving and maintaining digital resilience must involve the entire business, the whole organisation. It isn’t just the responsibility of IT, a security team, a data privacy officer or a Chief Security Officer. Creating and maintaining digital resilience requires teams to work with executives and managers across the organisation to prioritise all business digital data assets. The objective is to analyse the business value of digital data items as well as their vulnerability to attack.
Resilience is the ability to deal with high levels of challenge while maintaining and/or recovering well-being and performance. Digital resilience never makes the hopeful, but false, assumption that security will stop all attacks and breaches. Therefore, resilience is about surviving inevitable attacks and penetrations, about continuing to do business even under attack, about discovering breaches and containing them, and about ultimately prevailing – in spite of the challenges. It’s about being prepared for the unexpected.
In addition to the above, the increased sophistication of data privacy legislation, which stipulates regulatory rules on personal data, compels a business to adhere to additional statutory requirements that should be part of its digital resilience efforts.
The challenge for many corporations is how to collect and use personal data without breaching the Protection of Personal Information Act, or any Privacy Act applicable to the individual from whom data is being collected. Furthermore, the debate in South Africa about primary personal data use, secondary personal data use, and associated personal data use (i.e. inferred data collection from cookies or other means) is still in its infancy.
Effective digital resilience is, without doubt, an important Critical Success Factor for any corporation that has a digital strategy. Digital resilience is not a “nice-to-have”. It will become the benchmark that separates successful corporations from those in distress.
Talk to us about your digital resilience strategies. We have experience on both a national and international level when it comes to data privacy and business.