[BreachExchange] How to avoid legacy IT costing your business more than money

Audrey McNeil audrey at riskbasedsecurity.com
Mon Mar 19 21:18:25 EDT 2018


https://www.scmagazineuk.com/how-to-avoid-legacy-it-
costing-your-business-more-than-money/article/747437/

Holding back on digital transformation might cost your business more than
just revenue. It could damage your ability to hire and retain top talent,
leave you vulnerable to data breaches and harm your brand's reputation.

Far from being a world leader, the UK currently ranks 14th out of 140 major
world countries for business-level tech adoption. With the “fourth
industrial revolution” well underway, businesses should be aiming to thrive
in the new world order, not merely survive.

So how can businesses  break free from legacy IT to be more agile,
competitive and innovative in today's digital-first economy?

How to spend

Based on the latest statistics from PwC, chances are your business is
channelling more and more funds into tech each year, but doing so blindly
can waste a lot of money.

Building out your digital strategy is a platform to bigger and better
things, but buying tech is not a guarantee of digital nirvana! As a senior
team, review your main business goals to develop an outcome-driven IT
investment strategy, filling in existing gaps and setting up for long-term
growth. Ask yourself key questions like: “Where would we like to be in the
next five, 10 or even 15 years?”, “How are our competitors innovating?” and
“What will our customers expect from us?”

Underpin strategic investments in your network, hardware and software, by
spending wisely on asset management and tooling, which will help free up
time and resources and make operational decisions quicker and more accurate.

How to integrate

Updating and improving legacy data and systems is a concern for half of
CIOs. Restrictive budgets, internal politics and the threat of disruption
can make it difficult to upgrade.

However, making use of cloud services can change the cost profile of your
IT spend and enable you to spend more time on strategic activities instead
of running infrastructure. Correctly configured, cloud can leave you
better-protected and provide the flexibility to adapt to changing business
goals.

There's no need to update valid technologies unless the cost of maintaining
them outweighs the upgrade cost. Do take into account some legacy systems
can increase your vulnerability to cyber-attack if they were not designed
for the current threat landscape.

During the transition phase, it's likely you'll need to mix legacy IT to
keep your business going while you develop the new. A hybrid-cloud model
(making use of on-premise “private cloud” and public cloud services) can
give you the opportunity to build a new digital environment and prototype
in a safe arena, separate from day-to-day operations, and with more
flexible cost and operational models.

How to evolve

In case you've missed the headlines, the digital skills gap is costing the
UK economy an estimated £63 billion per year and businesses have a vested
interest in helping to improve this. After all, employee buy-in can make or
break digital transformation.

Identify the tech-savvy, ‘digital champions' to lead transformation on the
ground and break down complex changes into more manageable chunks. Support
this with top-down messaging from the C-suite, explaining how day-to-day
roles will be impacted in the pursuit of business goals. Invite in
professional trainers to run group or one-on-one sessions on new systems,
data analysis and cyber-security to promote continuous learning.

How to protect

Cyber-crime is one of the greatest challenges of modern business, with 46
percent of UK companies experiencing one or more breaches in the past 12
months. Far from being an after-thought, cyber-security needs to be
hard-wired into all parts of your infrastructure.

Focus on getting the basics right first. Often, hackers target
vulnerabilities which are simple to avoid through remote management of
devices, encryption, multi-factor authentication, anti-virus and software
patch updates and network segmentation.

Without developing a complex about it, bear in mind a significant
percentage of security breaches are caused by “insiders”. For example, 25
percent of cyber-attacks on the healthcare sector in 2016 were carried out
by “malicious” employees. Consider adopting a system of “least privilege”
when it comes to network permissions to prevent employees being able to
access sensitive data they don't need.

As more devices are added to your network and more employees work remotely,
SIEM tools can help give you estate-wide visibility of both expected and
strange occurrences and help your IT team respond quickly to real threats.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180319/d86fb6ff/attachment.html>


More information about the BreachExchange mailing list