In episode 1 of our Security Leaders Perspectives series, cybersecurity leaders share what they have learned about security as a result of the pandemic, and how/if it has drastically changed practices and priorities.
It’s All in the Details – Charles Blauner
“The role of a CISO at its most fundamental is to understand what your most critical assets are and do whatever you have to do to protect those most critical assets.”
The COVID-19 pandemic hasn’t changed a CISO’s core priorities. What has changed is the details. In a work from home environment, the definition of “critical”, where data is stored, and the controls required to protect it have shifted. This may force changes in the technology and technical details that CISOs use to achieve their goals, but the underlying philosophy of the CISO role remains the same.
Things Have To Move Faster – Leon Ravenna
“There’s no longer a 12-month project. There’s no longer a 9-month project. Things need to be done in a 45-90 day window.”
The COVID-19 pandemic has created an environment of uncertainty, where no-one knows for certain when the next wave will hit. This has made it necessary for everything to move faster, which may persist past the end of the pandemic. While many organizations have accomplished this for now, keeping up the pace may be difficult.
Business Continuity Is Essential – Larry Trittschuh
“The biggest change and biggest impact on CISOs is that I’m responsible for crisis management.”
With COVID-inspired work from home, CISOs are now responsible for ensuring that the business can continue to operate even when the workforce is operating correctly. Beyond the pandemic, natural disasters like wildfires, electrical outages, and hurricanes will continue to occur. CISOs need to keep the business running despite the fact that much of the redundancy that they’ve traditionally relied upon (backup power, internet connections, etc.) is no longer available to much of the workforce.
Focus on Controls – Max Tumarinson
“There’s additional oversight that I don’t think would happen if we weren’t in a COVID situation.”
The COVID-19 pandemic and the resulting widespread telework has not changed organizations’ responsibilities for regulatory compliance and data security. Due to the unusual circumstances, there has been increased scrutiny both internally and from regulators to ensure that security controls are effective and compliance is maintained while employees work from home.