Tuesday, 31 January, 2023
IT Security Guru

The challenges of being a CISO during the COVID-19 pandemic

IT Security Guru catches up with Security Serious Unsung Heroes Awards finalist Dominic Grunden to get his take on being a CISO during the pandemic

by Guru Writer
October 14, 2021
in Insight

The pre-COVID-19 CISO. The global COVID-19 pandemic has been a tumultuous time for chief information security officers (CISOs), who on any given day have a long and complicated list of responsibilities. CISOs are no strangers to disruption and challenges, but the pandemic has caused many disruptions and created a wealth of new challenges for them.

Securing a rapid transition to a remote workforce. COVID-19 accelerated the shift to remote working globally and, while the opportunity to work from anywhere has been welcomed by many, it has presented multiple security challenges. The most immediate challenge was that, as employees suddenly found themselves in a remote working model, CISOs had to adjust and determine how to establish secure connections for newly remote workforces who were suddenly working from home on devices that had never been part of the corporate domain before. In my organisation, we had the best-case scenario: to ensure business continuity, employees had previously been transitioned to company-issued devices that were already managed by the security organisation.

An explosion of cyber risks and a complicated and constantly changing threat landscape. The initial challenge is that, from the threat actor’s perspective, a remote working model in which all of these employees are working remotely, isolated in their homes, on potentially unsecure devices and networks presents a perfect-storm opportunity.

A collateral effect of the rapid expansion of remote working has been the related risk of cyberattacks aimed at the remote workforce. Aside from the need to rely upon home Wi-Fi or other networks potentially lacking the protection available in a workplace setting, employees working remotely may forget or ignore the Security 101 basics, for example by failing to use virtual private networks (VPNs) or by signing into work accounts using shared family devices.

Threat actors have reinvented their attack approaches during the ongoing pandemic, and attacks against organisations are skyrocketing, often by compromising employees working remotely. These approaches have included COVID-19-oriented phishing and online scams; disinformation and misinformation campaigns; disruptive malware, including ransomware; data-harvesting malware; malicious domains and weaponised websites; and social engineering. While the types of attacks may not be new, their volume has made them difficult to monitor and address in a timely manner, especially across a security organisation workforce that is already stretched thin.

In an effort to prevent such attacks in my organisation, there are controls implemented to mitigate the risks when an employee receives an email from an external source that has a link. When employees click on the link, they do not immediately get the page in their browser or on their device. It is first isolated and vetted in a “vetting zone.” However, technology by itself isn’t enough to solve the problem, because all it takes is one employee who falls victim to a combination of social engineering and technical attacks to inadvertently expose the organisation.

Budget and resource constraints. While cyber challenges may not be addressed merely by throwing money or other resources at them, the severe retractions suffered by so many businesses have resulted and will likely continue to result in ongoing budget and resource constraints. And despite the recognition that cybersecurity is a priority, scarcities of funds and other resources may inevitably lead to fewer dollars and resources being committed to cybersecurity, aggravating the challenges faced by an already stretched workforce.

Focus on work-life balance, empathy, and emotional intelligence. The challenge was that, at the start of the pandemic, CISOs and the security organisation went into firefighting mode, like we do all the time in security. Continuing this cadence for so long, the CISO and the security organisation can feel the stress of being overworked with no possible end in sight.

As a CISO, I found myself and the security organisation fortunate to have done a good job planning for the unexpected as part of cyber resiliency. One of my key successes during the pandemic was to alleviate the increased workload on my security teams by offering perks and incentives to boost morale. Some of these perks and incentives were awarding a “you day”, where an employee was given the day off with pay; allowing certain employees, naturally under COVID-19 safety precautions, to come back to the office for mental health reasons; engaging HR to coordinate sending employees a box full of goodies to show appreciation, with those with children at home getting a box full of things for the kids to do; regulating the number of hours any specific employee could work beyond the normal day; and thinking outside the box about how we keep our people connected, healthy, and motivated when we’re such a connected company by nature.

Opportunities and positives for the security industry. As a member of ClubCISO, according to the latest Information Security Maturity Report, 88% of security executives said their existing security infrastructure has held up well during the pandemic, which is very positive in the event of a global cyberattack, which would have similar characteristics to the COVID-19 pandemic.

Despite the array of extraordinary challenges CISOs have dealt with during the pandemic, there have been several positive impacts on the security and cyber industry, such as elevating awareness of security and of how cyber impacts many aspects of a business; security issues and the consequent spending on addressing those issues; improving the defence of systems from attacks; dealing with cyber incidents; and the improved work-life balance that the shift to remote working has brought.

Another key positive is the increase in innovation and development. COVID-19 continues to be a major market disruptor that has led to unprecedented levels of innovation. Due to the lockdown, many companies have had to undergo rapid digitalisation and reinvent themselves with a new ‘business as unusual’ strategy. Some companies are using this wave of innovation to reimagine their business model, or to change or grow their market by taking technologies or services to market in record time, with accelerated product development times encouraged by new working practices and processes.

A new era for cybersecurity. The pandemic has ushered in a new era of cybersecurity. IT security professionals who raise their game and protect their companies’ people, technology and data from the new or heightened risks posed by more sophisticated cybercriminals will be crucial players in the economic turnaround.

This pandemic has given the CISO role and security industry an opportunity to redefine its role and value proposition. Security technology is no longer seen as devices that are solely used to keep people and property safe, but it is finally becoming a strategic tool to help improve business operations. AI-based security solutions and cameras are now able to go beyond security to capture valuable marketing and sales transaction data, analysing customer patterns and behaviour. By leveraging business and operational intelligence data that can pay for itself and directly affect the profitability of the organisation, the security industry is on the cusp of morphing from a tactical application to a truly strategic enterprise-shaping role.

Conclusion. The pandemic bestowed unprecedented challenges on CISOs and the security industry. It also presented a wealth of new opportunities for the CISO role and security industry. Both trends are likely to continue as there remains a lot of speculation about what happens after the pandemic, as the pandemic takes from the security market with one hand while giving back with the other. Fortunately, the security industry continues to be in better shape than many others as the pandemic continues to evolve and play out.
