Fortinet’s 2018 Security Implications of Digital Transformation Survey looks at the state of cybersecurity in organizations around the world from the lens of digital transformation (DX). Three hundred responses from CISOs and CSOs at large organizations helped us identify several current trends:

• Digital transformation is the most impactful IT trend on
  businesses today, with 92% responding that it has a large impact today.
• Security is by far the biggest challenge to DX efforts, with 85% of respondents saying it has a large impact.
• The typical organization saw four attacks that resulted in data loss, outages, or compliance events over two years.
• Many companies have automated some of their security procedures, but they are even further behind with other security best practices.
• Big chunks of infrastructure remain vulnerable in the typical organization, with 25% of the infrastructure not adequately protected at the typical organization.

Looking more deeply into the data, we identified a subset of “top-tier” organizations that have not suffered a damaging attack in the past two years. Comparing these organizations’ security practices with those from “bottomtier” organizations, we found they are more likely to follow these practices:

1. Integrate systems to create a unified security architecture
2. Share threat intelligence across the organization
3. Ensure safeguards work on all parts of the network
4. Use built-in compliance controls
5. Have end-to-end security visibility
6. Have automated more than half of their security practices

The implications are clear. Holistic and integrated security strategies are more effective than siloed, reactive ones. A strategic approach becomes increasingly important as an organization’s attack surface increases with the proliferation of Internet of Things (IoT) devices, mobile connectivity, and cloud-based solutions. A comprehensive strategy that unifies IT tools and processes across all parts of the network is necessary for addressing advanced threats such as polymorphic attacks, as well as new vulnerabilities that sneak in because of DevOps. At the same time, integration of security elements is a foundational requisite for an organization seeking to automate workflows and threat-intelligence sharing.