Post-Pandemic Responsibilities for a Modern Day CISO

It’s no secret that businesses have been moving toward digital transformation for years, but the current pandemic has accelerated that movement at a rate and scale never seen before. As Microsoft CEO Satya Nadella recently put it, “We have seen two years’ worth of digital transformation in two months.”

As organizations worldwide adjust to what’s being called the “new normal,” especially in the digital context, the roles and responsibilities of all employees, from the top down, will look different going forward – and especially those of CISOs. From enabling all employees to work remotely in a secure manner to ensuring the security of newly adopted applications and software, it’s safe to say CISOs have their hands full. Let’s explore what exactly the “new normal” looks like for these security leaders.

The CISO has likely been working tirelessly throughout the pandemic to help secure a newly remote workforce and the fleet of technologies it depends on. Moving forward, CISOs will need to ensure that proper security protections are in place for the many different types of software, applications, and devices now in use, and for the ways they are accessed. It is their responsibility to ensure that response measures put in place quickly are now robust and enterprise-grade for the long haul. This requires a shift in prioritization, including:

Prioritize Popular Workplace Communication Software

The software employees rely on most differs based on where they work. For example, a remote employee uses video conferencing software daily to communicate with co-workers. Adversaries have taken note of this shift, targeting platforms where they can become silent eavesdroppers, steal sensitive information that is now being transferred over the web, and more. Meetings that used to be protected by four walls and a door now take place online, and the heightened concern about them is justified. Ensuring that virtual meeting platforms are secure at both the network and the software level is necessary.

Prioritize Cloud Computing Infrastructure

Employees need secure access to information, especially when outside of the office. Another change that will be essential for business continuity is the adoption of cloud-based infrastructure that is accessible from anywhere. Many organizations are realizing the potential of cloud services to rapidly scale and deploy new services, particularly in support of remote work. Yet, according to KPMG and Oracle’s third-annual Cloud Threat Report, 92% of IT and security professionals do not trust that their organization is well-prepared to secure public cloud services. Adopting cloud computing requires a strong security framework and foundation in order to protect business assets stored online from theft, leakage, and deletion.

Prioritize Communication of Key Policies

Cybersecurity procedures and policies need to be clearly communicated by the CISO, now more than ever before. One area that will get a lot of attention in the post-pandemic virtual economy is data-at-rest and data-in-transit policy. With virtual work, what is and isn’t acceptable must be clearly articulated for employees, leaders, developers – everyone. If this doesn’t happen, organizations run the risk of turning into the ‘wild west’ when it comes to security guidelines, with each person essentially operating under their own rules and thereby increasing the risk of data being compromised through insecure transit or storage practices. A successful defense for corporate and private networks depends on good policies, education, and widespread internal alignment on new, clearly set policies.

Shifting back to in-person office work will be one of the last things to return, and many employees are likely to take a hybrid approach, mixing working from home with being in the office from week to week. All employees should be well trained on software-related security concerns and on what is expected of them both in the office and at home. One way to mitigate employee risk is to provide specialized training for developers and security staff, and to take the time to address the root cause of many software-related security issues: a lack of security awareness.

This can be achieved in a few ways, but one of the most effective tactics is to ramp up cybersecurity training programs. Use interactive, gamified components to keep employees and developers engaged, and deliver lessons in short, frequent bursts to keep security top of mind in their daily operations. More broadly, address security throughout the entire organization, pointing to best practices for staying safe while remote. At the end of the day, security is everyone’s job, not just that of a few individuals.

The pandemic has taught us that software is essential as we adapt to new ways of working and living, and that it is a driving factor in the acceleration of digital transformation. Software, on both web and mobile, has enabled continuity in both our business and personal lives. However, with this increased dependence on software and technology comes the critical need to ensure these platforms are trustworthy and secure. Without secure software, business and social activity would come to a halt. It is the CISO’s responsibility to recognize that digital transformation efforts are not temporary solutions, but the future of work.

Note: This article originally appeared on TechRadar.


*** This is a Security Bloggers Network syndicated blog from Blog – Checkmarx authored by Matthew Rose. Read the original post at: https://www.checkmarx.com/2020/09/17/post-pandemic-responsibilities-for-modern-day-ciso/