Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • IT Management
    • Mobile
    • Networking

    Why Many CISOs Got Caught by the COVID-19 Pandemic

    By
    eWEEK Staff
    -
    April 27, 2020
    Share
    Facebook
    Twitter
    Linkedin
      CISO

      At a high level, the IT industry may have been caught with its pants down a bit in the current COVID-19 pandemic. Not because there aren’t a lot of smart chief information security officers (CISOs) out there doing smart things, but rather in our/their ability to quickly adapt to an unprecedented scenario—and perform under an attack on personal safety.

      We have always been afraid of a breach, but being able to support a remote workforce—essentially overnight—under the guise of protecting lives brought a whole new pressure to the role. Then, as we caught our breath, we had to adapt to a changing threat landscape.

      Controls that we thought were effective were not. We realized that we didn’t put as much effort in validating third-party services as we should have (Zoom, for one widespread example). And we’re being asked to forward think and define a security fabric that protects the security and privacy of the “new normal” workforce. Some thought leaders have said for years that the CISO gig is not for the faint of heart; we’re essentially standing up to an invisible bully that is always looking to hit you while you are down.

      How does it change the role/expectations moving forward? Our professional resource for this topic, Lewie Dunsworth, CEO of managed cybersecurity provider Nuspire, offers his real-world perspective on this.

      Data Point No. 1: Digital Transformation

      There is no doubt that CISOs will be asked to help their business accelerate the digital transformation process. CISOs will have to get comfortable with their own “new normal,” meaning a mobile technology stack and security controls that follow the user, the device and the data, regardless of where they are in the world. It’ll also force them to understand the risks with every business decision and be adaptable in figuring out how to best protect the company, both in the short term (with mitigating controls) and the long term (with more robust protection capabilities).

      Data Point No. 2: Identity

      As companies accelerate digital transformation, there will be more of an emphasis placed on controlling who has access, how the access is controlled, what they are authorized to access and what they do with that access. Identity-centric programs also will take on a whole new meaning; there will be a convergence, of sorts, between security and privacy. A pandemic, like this one, could create a social construct where people are almost “shamed” for being infected with a virus. So, privacy and protecting health information will be critical.

      Organizations will be forced to provide “controlled” access from different places and devices. This puts pressure on technologies that support MFA, identity governance, DLP, privileged access, insider threat, contingent access and others.

      Data Point No. 3: Endpoint

      Protecting and monitoring endpoints is paramount. As a CISO, you have to assume that an endpoint has to be controlled in a way that prevents it from being exposed in a “non-company” environment. That will be the new normal. Security policies will need to be applied based on the behavior of the endpoint environment, or the risk associated with it, as much as the users themselves.

      Data Point No. 4: Home Networks/Remote Networks/SDN

      CISOs will need to find ways to containerize the endpoint on a home network. VPNs (virtual private networks) are antiquated and can be bridged, and, unfortunately, man-in-the-middle SSL (Secure Sockets Layer) hijacks are easier on a non-controlled environment. Finally, companies will accelerate the use of SDN (software-defined networking) technologies to bring together disparate networks, endpoints, resources and data into a virtual network; and provide more dynamic policies by understanding where network controls end and endpoint controls start and how identity determines how much a user is trusted given the situation they are in.

      Data Point No. 5: Cloud, Cloud, Cloud

      The future is now; cloud services dominate everything we do by extending capabilities wherever the business will take us. If they haven’t already, CISOs will need to embrace someone else being in control of protecting their data. There has to be an acceleration around third-party risk management, validating the efficacy of controls, hiring developers to automate the application of controls based on scenarios, and so on. More CISOs will self-consume services and controls versus always relying on consultation and other technologies.

      Data Point No. 6: Attack Landscape

      It is critical for every organization to understand its entire attack landscape from the hackers’ eyes. Having an “eyes-wide-open” mentality to the risks you have, everywhere, is a necessity.

      If you have a suggestion for an eWEEK Data Points article, email cpreimesberger@eweek.com.

      eWEEK Staff

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×