The global COVID-19 crisis and ensuing lockdown have created an immediate acceleration for all global businesses to address unique demands and business continuity plans, including remote working, rapidly.
While cyber security has been taking the centre stage for the last few years as the big area of focus, leading to evolution and investments in security readiness, now with the majority of the workforce adapting to a work from home way of life, organisations are having to re-think elements of their approach to security for a truly borderless organisation.
Presently, all organisations are channeling efforts towards ensuring service availability; but on a parallel track – need to look at securing systems, resources and data while activating necessary mechanics for monitoring and protection to embrace remote working for business continuity. In this situation, a Chief Information Security Officer (CISO) needs to orchestrate and facilitate different access channels seamlessly, carefully weighing them against the organisation’s security and risk management approach to achieve better results and organisational stability.
If there is anything that an unforeseen crisis such as this one establishes, it is that what is secure today is not necessarily safe tomorrow. COVID-19 has disrupted civilian and business life to an extent that has defied all planning. For CISOs, knowing where to focus at times like this adds another conundrum to an already difficult job. So, as CISOs and organisations attempt to find newer ways to establish secure systems within short timeframes, three areas of specific focus would be:
1) Organisations must put together a cross-functional and collaborative team to have a holistic COVID-19 risk management strategy covering both, human safety as well as information and data security to keep business secure.
2) Organisations need to have the right monitoring in place to identify COVID-related phishing and malware attacks as these are on a continuous surge. It’s critical to ensure traffic & email monitoring, filtering and blacklisting solutions to weed out such attacks. Finally,
3) CISOs should stick to their trusted partners and vendors to support their current needs, avoiding disputes and unforeseen challenges.
The author of this article is Vice President and Head for Managed Security Services and Content Delivery Network, Tata Communications.