3 must-ask post-pandemic questions for CISOs
As the world battles Covid-19, most industries continue to suffer. Every industry vertical has seen a drastic change in business operations, leading to higher digital occupancy. Work from home has become the new norm, which has increased cybersecurity risk and brought new data privacy challenges. The rapid global shift to remote working has become a huge opportunity for cybercriminals to exploit.
Accessing and processing an organization's critical data beyond the organization's security perimeter has introduced unprecedented risks of a data breach. Ever since the pandemic hit, many organizations have experienced phishing attacks. Cybercriminals are using sophisticated phishing techniques to target employees working from home by imitating reliable information about COVID-19.
By now most of us have a clear picture of the cybersecurity risks in the wake of a global pandemic.
The global pandemic has no doubt changed the way organizations operate, but it has also had a significant impact on the roles of security leaders and CISOs, making them digitally empathetic in order to deal with new cybersecurity challenges.
In the current situation, CISOs are highly responsible for bringing in real business outcomes with economic value. CISOs are being asked many questions about what the framework and controls for cybersecurity will be in the "new normal" and how they will influence operations. But the reality is that CISOs are battling newer forms of cyber-attack that emerged during the pandemic and may not have immediate answers. Most organizations have already ramped up their security policies and are taking immediate response measures to handle the crisis.
Given the lessons learned from the Covid-19 crisis, and keeping future uncertainties in mind, CIOs and CISOs have to focus on more strategic priorities, in line with the immediate response measures taken for the new threat landscape.
As a part of restructuring security policies, CISOs must consider these post-pandemic questions:
- How to support end-users and clients
- What should and should not be part of the asset inventory
- How to put new security policies in practice
How to support end-users and clients?
Because of Covid-19, physical hygiene has become the most important practice for humans. In the same way, cyber hygiene is a new practice that CISOs are implementing. To do so, security professionals are engaging their employees in training sessions on general best practices, the organization's programs and protocols, and VPN policies. They also need to run campaigns that support and educate employees in identifying malicious content and reporting it immediately. In the work-from-home scenario, employees are a common route attackers exploit to penetrate the network.
What should and should not be part of the asset inventory
Asset inventory is a vital part of keeping the network secure. A detailed asset inventory helps security professionals create effective risk mitigation tactics. It also helps in identifying unauthorized software, identifying and alerting on policy violations, and automatically accessing all the assets on the network for vulnerability checks.
Asset inventory items such as software and hardware specifications, updates, and patches related to traffic patterns must be prioritized. As AI/ML is the future of cybersecurity, detailed inventory servers are the critical inputs that AI-based threat detection applications need to identify anomalies on the network effectively.
How to put new security policies in practice
Before the pandemic, cybersecurity was considered the sole responsibility of security professionals. But the Covid-19 cyberwar has made organizations understand that cybersecurity is something every employee, from top-level management to low-level executives, as well as clients, must be aware of and feel responsible for. During this pandemic, cybersecurity has been elevated to a top-tier business priority. Security must be an integral part of enterprise policy, workflows, development, investments, and partnerships. This practice will help organizations build broader data and analytics, which in turn helps AI-based tools react in the event of an attack.
At Locuz, we understand that organizations are subject to increasing amounts of corporate and regulatory requirements to demonstrate that they are managing and protecting their information appropriately, whilst the threats from all quarters, including organized crime, nation-states, and activists, are growing in complexity and volume. Therefore, we bridge the visible and the invisible cyber security gaps for businesses that aspire to be digital, with an uncompromising approach to innovation. To focus on your security needs, we have also carved out a new entity, Cymune, so as to have a single-minded focus on delivering the latest innovations in security that make your business secure and sustainable.
Mounika Raghavarapu, September 08, 2020