Learnings from Covid-19: the new normal for cybersecurity leaders
By Vishak Raman
At the beginning of 2020, digital transformation was, in many ways, like the internet of 1998 – in its nascent and exploratory phase, alluding to, but not quite manifesting, its incredible possibilities. The last few months, however, have accelerated digital transformation manifold, driven in part by necessity, and in larger part, our collective resilience in the face of an unimaginable crisis.
As a result, we have seen technology omitting borders across businesses, imparting knowledge across oceans, allowing governments to continue delivering essential citizen services, helping frontline workers battle the pandemic, and so much more. In this journey of technological advancement, the biggest and most urgent challenge is cybersecurity. Vast amounts of sensitive data are being exchanged digitally; there is a heightened use of personal devices and home networks, and with the workforce distributed and distracted, cyberattacks across platforms are increasing. Holistic, end-to-end data security has, therefore, become an integral and indispensable necessity for organizations in the new world post-Covid.
Now, cybersecurity is not a “good-to-have” but a must-have. However, more than technology or strategy, nurturing a culture that recognizes cybersecurity as a top priority is critical. To achieve this, there must first be synergy between business leaders, functional leaders, and security leaders because the decisions that the former two make will determine the course of action for the latter.
Security leaders, as a result, have to assume a much larger and more strategic responsibility here – from administering compliance protocols to integrating security into every aspect of the business and fostering a culture of shared risk ownership at every level of the organization. They must look at these factors in planning for the evolving digital risk environment.
Establishing Security Preparedness
The threat landscape today has expanded in size, but also become much more sinister and complex in nature, with companies and individuals more digitally connected than ever before. For instance, the World Health Organization in April reported a fivefold surge in the number of cyberattacks against its staff and email scams targeting the public in general.
Incident response is one of the top priorities for security leaders at this time. Leaders must plan for adverse events, which would ensure that a successful cyberattack does not cripple the organization or compromise vital systems in the long run. This includes mapping roles and responsibilities for all kinds of remote scenarios, ensuring that security playbooks are readily available to SecOps teams, and running regular security drills for DDoS and IT/OT attacks.
For those considering shifting to remote models permanently, privacy and information will take precedence. Policies will need to be formulated on factual, minimal, and selective access, based on individual risk profiles.
Enhancing Security Operations
As remote working, learning, and transacting become the norm, and firms across sectors look to migrating their processes and data to the cloud, CISOs must revalidate SecOps testing on-premise, as well as cloud-based monitoring. This would include refining and configuring internal security monitoring and logging for remote workers, as well as virtual segmentation and fortifying endpoint protection. For mission-critical services, privileged access protocols must be put in place.
These tasks may prove too complex for anyone to perform on their own. Partnering with organizations that have the experience and expertise in enabling end-to-end enterprise-grade security will become imperative.
Securing newly remote environments
During the pandemic, several security leaders had to alter their strategy as their organizations enabled users to work, learn, shop, transact, and even access essential citizen services from home. This drastic measure, taken quickly and at scale, required the trading off of certain smaller threats to address the more immediate and daunting ones. Going forward, security leaders will need to develop blueprints for a comprehensive strategy that emphasizes the addressing of every risk.
In this context, a Zero Trust security framework, which can help safeguard people, information, and assets much more effectively than any singular measure, will become the greatest defense for security leaders. Zero Trust assumes that all environments are hostile and breached, and therefore proactively identifies and prevents attacks, protecting data at all endpoints through multi-factor authentication, DNS-based security, EDR (Endpoint Detection and Response), data leak prevention and enhanced SecOps.
However, while these measures can help protect information and privacy, another crucial task is training and retraining business and functional leaders on best practices of data sharing, risk management, etc.
Leading towards a secure and connected future
Security leaders across the globe have had their work cut out for them during this crisis, working tirelessly to allow their teams to continue working productively and staying connected with each other. Now, as the low-touch, contactless economy becomes a reality, bringing with it new business models, cybersecurity is perhaps the biggest challenge in creating a safe borderless world.
Here, CISOs can serve as the bridge between leadership teams, functional leaders and their own Security Operations team to prepare for and align with new business model security risks. With drastic operational changes, rise in remote working practices, changes in regulations and legislation taking place, the role of cybersecurity leaders has expanded tremendously, presenting the prospect of taking thought leadership within their company beyond planning and implementing technology controls.
As security becomes foundational to everything we do, security leaders can rise to the occasion, taking proactive decisions in tandem with business leaders to recognize and respond to both challenges and opportunities that will form the basis of their success beyond Covid-19.