5 principles for effective cybersecurity leadership in a post-COVID world


This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Authors: Charles Blauner, Partner and CISO-in-Residence, Team8 & Georges de Moura, Head of Industry Solutions, Platform for Shaping the Future of Cybersecurity and Digital Trust, World Economic Forum


  • As more people are working from home during the COVID-19 pandemic, cybersecurity operations are facing tremendous new challenges.
  • Cybersecurity leaders, particularly Chief Information Security Officers (CISOs), must take stronger and more strategic leadership roles within their businesses during the crisis.
  • Five cybersecurity leadership principles would ensure effective business continuity in the “new normal.”

COVID-19 is forcing business leaders to adapt operating models faster than ever before to ensure existential survival. The large-scale adoption of work-from-home technologies, exponentially greater use of cloud services and explosion of connectivity allow companies to continue operations even with social distancing and “stay at home” orders.

However, the paradigm shift is putting immense pressure on cybersecurity operations. As organizations are making extraordinary efforts to protect their workers and serve their customers during the pandemic, exposure to cyberthreats is increasing significantly.

 

Cybersecurity operations are facing tremendous challenges:

  • Working from home has opened multiple vectors for cyberattacks through the heightened dependency on personal devices and home networks.
  • Social engineering tactics are even more effective on a distracted and vulnerable workforce.
  • Security Operations Centers (SOCs) have been designed to look for anomalous behaviors; today, SOCs are operating with impaired visibility because everything looks anomalous.
  • Critical business assets and functions are significantly more exposed to opportunistic and targeted cyberattacks by criminal organizations and nation states seeking to exploit vulnerabilities and plant seeds for future attacks.
  • Public-sector services such as hospitals and healthcare services are under acute pressure and have been hit particularly hard by denial-of-service attacks and new types of ransomware aimed at disrupting connectivity.

The security and privacy flaws discovered in the popular Zoom video conferencing application are a reminder that innovative entrepreneurs and businesses both have a role to play in reducing exposure to cyberattacks.

Security bugs and privacy-abusing practices are not new, but have been exacerbated by the growing demand for cost-effective and just-in-time solutions, along with the pressure to digitize and innovate quickly to keep ahead of competition, increase operational efficiencies, improve customer experience and improve business decisions with enhanced analytics.

Figure: Most worrisome risks for your company during the COVID-19 pandemic. Cyberattacks and data fraud rank third among the greatest COVID-related business concerns. (Image: World Economic Forum)

In the COVID-19 context, cybersecurity leaders must strike a critical balance between security and privacy, time to operations and market, cost and convenience.

Within organizations, cybersecurity leaders need to take a stronger and more strategic leadership role. They need to move beyond being compliance monitors and enforcers to better integrate with the business, manage information risks more strategically and work toward a culture of shared cyber-risk ownership across the enterprise.

There is no silver bullet. To ensure that cybersecurity is a fundamental component of the business operating model and culture, the following questions will foster effective conversations between business leaders and Chief Information Security Officers (CISOs):

  • Have roles and responsibilities related to cybersecurity been clearly defined and communicated at every level of the organization up to the CEO and Board?
  • Do business leaders understand the cybersecurity risks they are accepting?
  • Are technology solutions designed, integrated and operated with security and privacy in mind?
  • Does the business incentivize the adoption of secure-by-design and secure-by-default practices in the businesses and products in which it invests?
  • Are third-party risks managed effectively?

The daunting challenge for CISOs is protecting the organization’s digital infrastructure and assets while enabling operations without interruption. For example, cybersecurity teams must adjust security programs and risk management practices to enable the massive shift to work-from-home tools and fast adoption of cloud services. At the same time, they must make it possible for security team members to look after themselves and their families during a health crisis.

What is the World Economic Forum doing on cybersecurity?

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

  • Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.
  • Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.
  • Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.


The World Economic Forum’s new report, Cybersecurity Leadership Principles: Lessons Learnt During the COVID-19 Pandemic to Prepare for the New Normal, aims to guide cybersecurity and business leaders as they shape a responsible course of action that balances short-term goals against medium- to longer-term imperatives. The proposals are to:

1. Foster a culture of cyber resilience

2. Focus on protecting the organization’s critical assets and services

3. Balance risk-informed decisions during the crisis and beyond

4. Update and practice the organization’s response and business continuity plans as business transitions to the “new normal”

5. Strengthen ecosystem-wide collaboration

The role of the CISO is to support the mission of the organization by ensuring that cyber risks are managed at a level acceptable to the organization. No organization today can expect the CISO to achieve faultless security in the current context. Effective cyber-risk management can, however, help businesses achieve smarter and faster transformation, and stay ahead in these uncertain times. The end goal is resilience.

The COVID-19 crisis has generated unprecedented challenges for organizations, forcing everyone to juggle professional responsibilities with important personal ones. The coming weeks and months are likely to bring more uncertainty. By adhering to these cybersecurity principles, CISOs can better uphold their organization’s security and maintain business continuity while also meeting their obligations to their business stakeholders.
