5 principles for effective cybersecurity leadership in a post-COVID world


This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Charles Blauner, Partner and CISO-in-Residence, Team8 & Georges de Moura, Head of Industry Solutions, Platform for Shaping the Future of Cybersecurity and Digital Trust, World Economic Forum


  • As more people are working from home during the COVID-19 pandemic, cybersecurity operations are facing tremendous new challenges.
  • Cybersecurity leaders, particularly Chief Information Security Officers (CISOs), must take stronger and more strategic leadership roles within their businesses during the crisis.
  • Five cybersecurity leadership principles would ensure effective business continuity in the “new normal.”

COVID-19 is forcing business leaders to adapt operating models faster than ever before to ensure existential survival. The large-scale adoption of work-from-home technologies, exponentially greater use of cloud services and explosion of connectivity allow companies to continue operations even with social distancing and “stay at home” orders.

However, the paradigm shift is putting immense pressure on cybersecurity operations. As organizations are making extraordinary efforts to protect their workers and serve their customers during the pandemic, exposure to cyberthreats is increasing significantly.

 

Cybersecurity operations are facing tremendous challenges:

  • Working from home has opened multiple vectors for cyberattacks through the heightened dependency on personal devices and home networks.
  • Social engineering tactics are even more effective on a distracted and vulnerable workforce.
  • Security Operations Centers (SOCs) have been designed to look for anomalous behaviors; today, SOCs are operating with impaired visibility because everything looks anomalous.
  • Critical business assets and functions are significantly more exposed to opportunistic and targeted cyberattacks by criminal organizations and nation states seeking to exploit vulnerabilities and plant seeds for future attacks.
  • Public-sector services such as hospitals and healthcare services are under acute pressure and have been hit particularly hard by denial-of-service attacks and new types of ransomware aimed at disrupting connectivity.

The security and privacy flaws discovered on the popular Zoom video conferencing application are a reminder that innovative entrepreneurs and businesses both have a role to play in reducing exposure to cyberattacks.

Security bugs and privacy-abusing practices are not new, but have been exacerbated by the growing demand for cost-effective and just-in-time solutions, along with the pressure to digitize and innovate quickly to keep ahead of competition, increase operational efficiencies, improve customer experience and improve business decisions with enhanced analytics.

Figure: Most worrisome risks for your company during the COVID-19 pandemic. Cyberattacks and data fraud rank third among the greatest COVID-related business concerns. (Image: World Economic Forum)

In the COVID-19 context, cybersecurity leaders must strike a critical balance between security and privacy, time to operations and market, cost and convenience.

Within organizations, cybersecurity leaders need to take a stronger and more strategic leadership role. They need to move beyond being compliance monitors and enforcers to better integrate with the business, manage information risks more strategically and work toward a culture of shared cyber-risk ownership across the enterprise.

There is no silver bullet. To ensure that cybersecurity is a fundamental component of the business operating model and culture, the following questions will foster effective conversations between business leaders and Chief Information Security Officers (CISOs):

  • Have roles and responsibilities related to cybersecurity been clearly defined and communicated at every level of the organization up to the CEO and Board?
  • Do business leaders understand the cybersecurity risks they are accepting?
  • Are technology solutions designed, integrated and operated with security and privacy in mind?
  • Does the business incentivize the adoption of secure-by-design and secure-by-default practices in the businesses and products in which it invests?
  • Are third-party risks managed effectively?

The daunting challenge for CISOs is protecting the organization’s digital infrastructure and assets while enabling operations without interruption. For example, cybersecurity teams must adjust security programs and risk management practices to enable the massive shift to work-from-home tools and fast adoption of cloud services. At the same time, they must make it possible for security team members to look after themselves and their families during a health crisis.

What is the World Economic Forum doing on cybersecurity?

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

  • Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.
  • Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.
  • Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact us.

The World Economic Forum’s new report, Cybersecurity Leadership Principles: Lessons Learnt During the COVID-19 Pandemic to Prepare for the New Normal, aims to guide cybersecurity and business leaders as they shape a responsible course of action that balances short-term goals against medium- to longer-term imperatives. The proposals are to:

1. Foster a culture of cyber resilience

2. Focus on protecting the organization’s critical assets and services

3. Balance risk-informed decisions during the crisis and beyond

4. Update and practice the organization’s response and business continuity plans as business transitions to the “new normal”

5. Strengthen ecosystem-wide collaboration

The role of the CISO is to support the mission of the organization by ensuring that cyber risks are managed at a level acceptable to the organization. No organization today can expect the CISO to achieve faultless security in the current context. Effective cyber-risk management can, however, help businesses achieve smarter and faster transformation, and stay ahead in these uncertain times. The end goal is resilience.

The COVID-19 crisis has generated unprecedented challenges for organizations, forcing everyone to juggle professional responsibilities with important personal ones. The coming weeks and months are likely to bring more uncertainty. By adhering to these cybersecurity principles, CISOs can better uphold their organization’s security and maintain business continuity while also meeting their obligations to their business stakeholders.
