The Impact of COVID-19 on CISOs

Category: Data Security , Cyberbytes
Author: Josh Isley

It’s important to plan for the unpredictable. However, it’s nearly impossible to plan well in advance for a worldwide pandemic. Like everyone else, CISOs have been completely astonished by the outbreak of COVID-19. Security professionals have had to make sudden alterations concerning their safety procedures and policies. Many have had to enforce contingency plans they never dreamed would be necessary. Budgets have been reset and cybersecurity has been shifted to focus on remote work. In what seemed like an instant, priorities and strategies were completely changed for CISOs and their organizations. CISOs are certainly feeling the impact of COVID-19- here’s how:

 

  1. Postponing major projects
    According to ESG research, 62% of organizations were planning to increase spending on cybersecurity in 2020. Many CISOs were finally gaining traction with the C-suite to increase companywide cybersecurity spending. Unfortunately, COVID-19 has put this on hold and even dismantled some scheduled security efforts. Key plans and projects have been put on hold to sort out the key necessities of everyday work operations. CISOs have had to reprioritize their budgets towards securing offsite, remote offices. This includes setting up a VPN, installing security software on company devices traveling outside the office, and training employees just to name a few.
  2. Providing support to remote employees
    Most CISOs would claim that their biggest concern about company security is employee knowledge and awareness. This is amplified even more when operating remotely. CISOs have to ensure that employees make a successful transition from the main office to the home office. Not only is it harder for employees to maintain company security away from the office, but it’s also more likely for employees to be targeted by scammers now than in the past. Phishing campaigns are using faulty health organization messages to manipulate people into giving up valuable information. CISOs should readily available for remote employee to seek guidance and understanding when it comes to protecting company data.
  3. Quickly looking to mitigate risk
    “What holes exist in my organization currently?” This is the question CISOs are having to rapidly answer as everyone is moved off-campus. Many security policies are having to be completely revised and reimplemented. Security professionals are looking for quick ways to mitigate risk through easily installable security products that won’t interrupt workflow. Some immediate focal points of security budgets right now include endpoint security, mobile device security, securing networks, and implementing multi-factor authentication.
  4. Strategizing short-term and long-term
    As it stands, no one can truly to predict how long this outbreak will last. CISOs are having to prepare for the worst and hope for the best. Short-term implications make everything look hazy with the increase in phishing attempts, the dangers of operating away from the office, and the tabling of major projects. However, long-term implications aren’t all doom and gloom just yet. Many CISOs are seeing the adaption of remote working as an opportunity for non-technical employees to gain quality security skills. Reliance on telecommunication and other technologies such as cloud computing have opened new opportunities to develop quality employee security outside of information technology division.
  5. Keeping up with security trends
    It will be crucial for CISOs to monitor security stocks and technology market activity. All industries are feeling the economic strain of COVID-19, and for CISOs, this could make security investments foggy. Amid the unknown, it’s important for security professionals to keep up with the latest trends and success stories. Keeping up with security trends will also help CISOs know what threats could be in route to their organization, allowing them to better prepare and equip employees.

    Sign Up For NXTsoft's Free Remote Work Security Series
    Conclusion

Now is the time for CISOs to be a steady asset to the entirety of the organization. They must be ready and willing to lead the charge in securing remote work sites. Diligence will be key in mitigating threats to the organization and risks of losing company data. CISOs should be opportunistic with their time, and they should be ready to provide the strongest security contingency plan.

If your organization operates without a CISO, consider hiring an affordable option in NXTsoft’s Threatadvice vCISO to ensure that your organization operates safely away from the office.

If you’re looking for a way to make remote employees valuable security assets, NXTsoft has designed a series of 5 e-learning classes complete with 5 question quizzes to help you easily educate your staff on best practices for working remote. Enroll your employees for FREE today!

April 6, 2020
Back
Share this post on social media