According to Gartner, 91% of businesses are involved in some form of digital projects, and 87% of senior business leaders prioritize digital transformation initiatives. The paradigm shift towards digital transformation is imperative with the rapidly evolving business landscape driven by technological advancements and customer expectations. Organizations are leveraging on digital technologies to streamline processes and enhance agility and collaboration. Although digital transformation presents a myriad of opportunities and benefits, it simultaneously introduces cybersecurity challenges that organizations need to address. 

In the 17th episode of the NextLabs Cybersecurity Expert Series, we sat down with Christophe Foulon to discuss the role of cybersecurity in ensuring a secure digital transformation. He covers how cybersecurity plays a crucial role in digital transformation efforts, what roles regulatory compliance and data privacy regulations play in shaping cybersecurity requirements, and much more. 

Christophe Foulon is the founder and coach at CPF Coaching with more than 15 years of experience in the cybersecurity industry. 

Read his insights below or watch the full Q&A video on our YouTube. 

How does cybersecurity play a crucial role in digital transformation efforts?

When considering any digital transformation efforts, which is the conversion from paper to digital or the conversion from on premise manual services to potentially cloud services, individuals have to understand the process flow in which documentation and data flows from their possession into the possession of the solution as a service provider. 

That being said, there’s a set of shared responsibilities that needs to be considered between the data owner and those that have the shared responsibility of hosting the data in the cloud or off site. That means depending on the level of solution being provided, whether it is software as a service, infrastructure as a service, or platform as a service, there’s going to be varying levels of shared responsibility. 

It is upon the data owner or the process owner to fully understand what those shared responsibilities are so that they can understand what sorts of controls that they need to put in to be able to control access to their data, control who can see their data and what processes can access their data. 

So, what roles do regulatory compliance and data privacy regulations play in shaping cybersecurity requirements during digital transformation? 

Regulatory bodies play a very interesting role when it comes to shaping some new innovation. Let’s take, for example, data privacy and artificial intelligence. 

Previously, companies, especially in North America, were known to take advantage of loose regulatory and compliance requirements when it came to the way that they captured the data, the use cases for the data, and how could they use that data in the future.

With increased regulation and monitoring around these use cases, we can hold companies accountable to only use in the data that they acquired for the potential use case which they’re using it for. So, for example, if it was used to attract new customers for service A, maybe it shouldn’t be allowed to be used for creating a new service at Company B because it’s being sold to Company B. There should have been access and permissions granted in order for that data to transfer hands and for it to be used in that new use case. 

Without regulations and regulatory bodies enforcing these regulations, data has been bought and sold as a commodity and it’s a concern for the privacy of the individuals whose data is just being sold like that. 

Great insights. Could you share with us what are the key technologies and tools that can enhance cybersecurity in the context of digital transformation? 

It’s challenging to say that some very particular tools will help with digital transformation and innovation because each company’s use case is different.  

Some tools might be to help them drive awareness and visibility into their cloud environment which they might not have had on premise because they didn’t invest in those solutions. Other solutions could help them easily find data within the cloud service provider’s environment, tag that data in order to protect it using some sort of protection like DLP within the technology stack. So, the key that I would tell individuals is to focus on the data that the company needs in order to deliver results. 

So, if you’re a marketing company, having the access to those that subscribe to your marketing magazine or your marketing e-mail, having that access and data protected is going to be critical to your business because if there’s a breach of that data from your system, your customers are not likely to come back. 

So, each company is going to have different sets of technologies, but I would recommend focusing on technologies around the core products which makes your organization successful. So that could be data as well as intellectual property, different processes, things like that. 

Thank you for sharing. So, what are the emerging trends and future challenges in the realm of cybersecurity and digital transformation?

Well, some of the emerging trends are going to be around the use of AI. And I think specifically talking around the use of AI, there’s several things that people need to understand. There are different use cases for which machine learning and artificial intelligence can be used, and there’s also specific outputs from what these AI methodologies can produce. 

So, for example, large language models. What they do is they assess all the data within their model that they have been trained for, and when you provide a prompt, they will provide an output guessing the words that come in the sequence for the prompt that you guessed. 

So, it might not always be accurate, it might not be 100% spot on, and it’s upon the human to validate that data. We can’t just take those responses as gold or as a solid response from the machine. Sometimes they will be, sometimes they won’t. But it’s still up to the human to validate the outputs before using them in a business context. 

Because for example, if you asked an LLM to create your policy, it might do a really good job for 99% of it, but just that 5% error rate could result in a liability lawsuit or some other kind of lawsuit for your company. So, go in, check, validate all the outputs and use a human eye to confirm that’s what you intended to produce. 

Thank you so much, Christophe. 

This concludes Episode Seventeen. Stay tuned for Episode Eighteen where we will have more insights from a new expert. Watch previous episodes of NextLabs’ Cybersecurity Expert Series to learn more about other important cybersecurity topics such as Data Security, Ransomware and Zero Trust Architecture (ZTA).