5 principles for effective cybersecurity leadership in a post-COVID world


This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Charles Blauner, Partner and CISO-in-Residence, Team8 & Georges de Moura, Head of Industry Solutions, Platform for Shaping the Future of Cybersecurity and Digital Trust, World Economic Forum


  • As more people are working from home during the COVID-19 pandemic, cybersecurity operations are facing tremendous new challenges.
  • Cybersecurity leaders, particularly Chief Information Security Officers (CISOs), must take stronger and more strategic leadership roles within their businesses during the crisis.
  • Five cybersecurity leadership principles would ensure effective business continuity in the “new normal.”

COVID-19 is forcing business leaders to adapt operating models faster than ever before to ensure existential survival. The large-scale adoption of work-from-home technologies, exponentially greater use of cloud services and explosion of connectivity allow companies to continue operations even with social distancing and “stay at home” orders.

However, the paradigm shift is putting immense pressure on cybersecurity operations. As organizations are making extraordinary efforts to protect their workers and serve their customers during the pandemic, exposure to cyberthreats is increasing significantly.

 

Cybersecurity operations are facing tremendous challenges:

  • Working from home has opened multiple vectors for cyberattacks through the heightened dependency on personal devices and home networks.
  • Social engineering tactics are even more effective on a distracted and vulnerable workforce.
  • Security Operations Centers (SOCs) have been designed to look for anomalous behaviors; today, SOCs are operating with impaired visibility because everything looks anomalous.
  • Critical business assets and functions are significantly more exposed to opportunistic and targeted cyberattacks by criminal organizations and nation states seeking to exploit vulnerabilities and plant seeds for future attacks.
  • Public-sector services such as hospitals and healthcare services are under acute pressure and have been hit particularly hard by new types of ransomware aimed at disrupting connectivity and denial-of-service attacks.

The security and privacy flaws discovered on the popular Zoom video conferencing application are a reminder that innovative entrepreneurs and businesses both have a role to play in reducing exposure to cyberattacks.

Security bugs and privacy-abusing practices are not new, but have been exacerbated by the growing demand for cost-effective and just-in-time solutions, along with the pressure to digitize and innovate quickly to keep ahead of competition, increase operational efficiencies, improve customer experience and improve business decisions with enhanced analytics.

[Figure: Most worrisome risks for your company during the COVID-19 pandemic. Cyberattacks and data fraud rank third among the greatest COVID-related business concerns. Image: World Economic Forum]

In the COVID-19 context, cybersecurity leaders must strike a critical balance between security and privacy, time to operations and market, cost and convenience.

Within organizations, cybersecurity leaders need to take a stronger and more strategic leadership role. They need to move beyond being compliance monitors and enforcers to better integrate with the business, manage information risks more strategically and work toward a culture of shared cyber-risk ownership across the enterprise.

There is no silver bullet. To ensure that cybersecurity is a fundamental component of the business operating model and culture, the following questions will foster effective conversations between business leaders and Chief Information Security Officers (CISOs):

  • Have roles and responsibilities related to cybersecurity been clearly defined and communicated at every level of the organization up to the CEO and Board?
  • Do business leaders understand the cybersecurity risks they are accepting?
  • Are technology solutions designed, integrated and operated with security and privacy in mind?
  • Does the business incentivize the adoption of secure-by-design and secure-by-default practices in the businesses and products in which it invests?
  • Are third-party risks managed effectively?

The daunting challenge for CISOs is protecting the organization’s digital infrastructure and assets while enabling operations without interruption. For example, cybersecurity teams must adjust security programs and risk management practices to enable the massive shift to work-from-home tools and fast adoption of cloud services. At the same time, they must make it possible for security team members to look after themselves and their families during a health crisis.

What is the World Economic Forum doing on cybersecurity?

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

  • Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.
  • Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.
  • Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.


The World Economic Forum’s new report, Cybersecurity Leadership Principles: Lessons Learnt During the COVID-19 Pandemic to Prepare for the New Normal, aims to guide cybersecurity and business leaders as they shape a responsible course of action that balances short-term goals against medium- to longer-term imperatives. The proposals are to:

1. Foster a culture of cyber resilience

2. Focus on protecting the organization’s critical assets and services

3. Balance risk-informed decisions during the crisis and beyond

4. Update and practice the organization’s response and business continuity plans as business transitions to the “new normal”

5. Strengthen ecosystem-wide collaboration

The role of the CISO is to support the mission of the organization by ensuring that cyber risks are managed at a level acceptable to the organization. No organization today can expect the CISO to achieve faultless security in the current context. Effective cyber-risk management can, however, help businesses achieve smarter and faster transformation, and stay ahead in these uncertain times. The end goal is resilience.

The COVID-19 crisis has generated unprecedented challenges for organizations, forcing everyone to juggle professional responsibilities with important personal ones. The coming weeks and months are likely to bring more uncertainty. By adhering to these cybersecurity principles, CISOs can better uphold their organization’s security and maintain business continuity while also meeting their obligations to their business stakeholders.
