When the world changed two months ago, most CISOs founds themselves facing a new set of challenges. As millions of employees began working from home, any remaining notion of organizations having a defined perimeter to defend was put to rest.
Instead, CISOs and their cyber teams suddenly faced an exponential increase in the attack surface that had to be protected. They also had to quickly respond to training and reminding employees what safe practices look like in a work-from-home environment.
But on a positive note, the seismic shifts in the global business environment that have been precipitated by the international pandemic are also creating opportunities for CISOs to act as change agents and help transform the business going forward.
“This is an opportunity for CISOs to help change the business,” says Stan Lowe, CISO at Zscaler. Lowe was one of the speakers for HMG Strategy’s New York CISO Virtual Summit on May 7.
Of course, now that the entire workforce is remote, the security challenges facing CISOs and their teams are multi-faceted. This includes ensuring that employees are following policies and procedures effectively, says Roota Almeida, CISO at Delta Dental of New Jersey and Connecticut.
In the pivot to remote work, “enterprises need to invest in the controls needed to shore up security in this highly-distributed environment,” says Sonia Arista, Field CISO at Fortinet.
In addition, CISOs also need to clearly articulate the risks that must be considered in the work-from-home environment to the executive team and the board, says Tim Sadler, CEO & Co-Founder at Tessian.
While remote work creates a slew of security challenges for CISOs and their teams, there are also opportunities for the business to operate more efficiently. “In a remote work environment, the business can move faster and operate better,” says Nir Gertner, Chief Security Strategist at CyberArk.
In the CISO’s Wheelhouse
As frightening as the pandemic is, the security threats and risks that are associated with the crisis are embedded in a security professional’s DNA. “As security professionals, we’ve been training for this moment our entire careers,” says Frank Price, SVP & CIRO at Hudson's Bay Company.
Price points out a few lessons learned from the current crisis. The first is that not all employees are accustomed to working in an online-only environment, so it’s important to be sensitive to their needs and concerns.
In addition, one of the things that’s different in this crisis “is that the mitigation phase is going to be longer than in other crises,” says Price.
Each of the speakers agree that CISOs who lead calmly but confidently and help guide their companies consistently and securely through this crisis position themselves well in their career ascent. Says Stephen Spagnuolo, Digital Security & Risk Practice Lead at Stanton Chase, “If you’re doing your job well as a CISO, that’s the best way to strengthen your brand in this current environment.”
To view more of the thought leadership shared at HMG Strategy’s New York CISO Virtual Summit, click here.
Check out information regarding HMG Strategy’s upcoming Washington, D.C. CISO Virtual Summit on May 29 by clicking here.