5 principles for effective cybersecurity leadership in a post-COVID world

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Charles Blauner, Partner and CISO-in-Residence, Team8 & Georges de Moura, Head of Industry Solutions, Platform for Shaping the Future of Cybersecurity and Digital Trust, World Economic Forum


  • As more people are working from home during the COVID-19 pandemic, cybersecurity operations are facing tremendous new challenges.
  • Cybersecurity leaders, particularly Chief Information Security Officers (CISOs), must take stronger and more strategic leadership roles within their businesses during the crisis.
  • Five cybersecurity leadership principles would ensure effective business continuity in the “new normal.”

COVID-19 is forcing business leaders to adapt operating models faster than ever before to ensure existential survival. The large-scale adoption of work-from-home technologies, exponentially greater use of cloud services and explosion of connectivity allow companies to continue operations even with social distancing and “stay at home” orders.

However, the paradigm shift is putting immense pressure on cybersecurity operations. As organizations are making extraordinary efforts to protect their workers and serve their customers during the pandemic, exposure to cyberthreats is increasing significantly.

 

Cybersecurity operations are facing tremendous challenges:

  • Working from home has opened multiple vectors for cyberattacks through the heightened dependency on personal devices and home networks.
  • Social engineering tactics are even more effective on a distracted and vulnerable workforce.
  • Security Operations Centers (SOCs) have been designed to look for anomalous behaviors; today, SOCs are operating with impaired visibility because everything looks anomalous.
  • Critical business assets and functions are significantly more exposed to opportunistic and targeted cyberattacks by criminal organizations and nation states seeking to exploit vulnerabilities and plant seeds for future attacks.
  • Public-sector services such as hospitals and healthcare services are under acute pressure and have been hit particularly hard by denial-of-service attacks and by new types of ransomware aimed at disrupting connectivity.

The security and privacy flaws discovered on the popular Zoom video conferencing application are a reminder that innovative entrepreneurs and businesses both have a role to play in reducing exposure to cyberattacks.

Security bugs and privacy-abusing practices are not new, but have been exacerbated by the growing demand for cost-effective and just-in-time solutions, along with the pressure to digitize and innovate quickly to keep ahead of competition, increase operational efficiencies, improve customer experience and improve business decisions with enhanced analytics.

Figure: Most worrisome risks for your company during the COVID-19 pandemic. Cyberattacks and data fraud rank third among the greatest COVID-related business concerns. (Image: World Economic Forum)

In the COVID-19 context, cybersecurity leaders must strike a critical balance between security and privacy, time to operations and market, cost and convenience.

Within organizations, cybersecurity leaders need to take a stronger and more strategic leadership role. They need to move beyond being compliance monitors and enforcers to better integrate with the business, manage information risks more strategically and work toward a culture of shared cyber-risk ownership across the enterprise.

There is no silver bullet. To ensure that cybersecurity is a fundamental component of the business operating model and culture, the following questions will foster effective conversations between business leaders and Chief Information Security Officers (CISOs):

  • Have roles and responsibilities related to cybersecurity been clearly defined and communicated at every level of the organization up to the CEO and Board?
  • Do business leaders understand the cybersecurity risks they are accepting?
  • Are technology solutions designed, integrated and operated with security and privacy in mind?
  • Does the business incentivize the adoption of secure-by-design and secure-by-default practices in the businesses and products in which it invests?
  • Are third-party risks managed effectively?

The daunting challenge for CISOs is protecting the organization’s digital infrastructure and assets while enabling operations without interruption. For example, cybersecurity teams must adjust security programs and risk management practices to enable the massive shift to work-from-home tools and fast adoption of cloud services. At the same time, they must make it possible for security team members to look after themselves and their families during a health crisis.

What is the World Economic Forum doing on cybersecurity?

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

  • Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.
  • Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.
  • Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

The World Economic Forum’s new report, Cybersecurity Leadership Principles: Lessons Learnt During the COVID-19 Pandemic to Prepare for the New Normal, aims to guide cybersecurity and business leaders as they shape a responsible course of action that balances short-term goals against medium- to longer-term imperatives. The proposals are to:

1. Foster a culture of cyber resilience

2. Focus on protecting the organization’s critical assets and services

3. Balance risk-informed decisions during the crisis and beyond

4. Update and practice the organization’s response and business continuity plans as business transitions to the “new normal”

5. Strengthen ecosystem-wide collaboration

The role of the CISO is to support the mission of the organization by ensuring that cyber risks are managed at a level acceptable to the organization. No organization today can expect the CISO to achieve faultless security in the current context. Effective cyber-risk management can, however, help businesses achieve smarter and faster transformation, and stay ahead in these uncertain times. The end goal is resilience.

The COVID-19 crisis has generated unprecedented challenges for organizations, forcing everyone to juggle professional responsibilities with important personal ones. The coming weeks and months are likely to bring more uncertainty. By adhering to these cybersecurity principles, CISOs can better uphold their organization’s security and maintain business continuity while also meeting their obligations to their business stakeholders.
