Cetas Blog Post

CISO Challenges During the Pandemic

September 1, 2022

CISOs Before COVID-19

The Covid-19 Pandemic has been a chaotic period for Chief Information Security Officers (CISOs) who always have a complicated & huge list of responsibilities. CISOs aren't new to disruption and challenges, but during the pandemic, they have faced various challenges and it has created a huge list of other challenges.

Rapid Shift to Remote Workers

Covid-19 has brought about a remote working trend globally. While this trend has been welcomed by many, it has created multiple security challenges. The first and most concerning challenge was as employees were working remotely, CISOs had to adjust and strategize about how to create secure connections for the remote employees who were suddenly working on their own devices that have never been part of the corporate network before.

Image
Image

The Tsunami of Cyber Risk and the Ever-Changing Threat Landscape

The first challenge is that from a threat actor's perception, all employees remotely working or quarantined at home, with potentially insecure devices, represent a great opportunity for trouble to happen.

A side effect of the rapid expansion of working remotely is the associated cyber risk of cyberattacks against remote workers. Aside from having to rely on Wi-Fi at home and other networks that may lack the protection available at work, remote workers may forget security basics such as using shared family devices or not using a VPN.

Threat actors are redesigning their attack approaches during the pandemic, with attacks on organizations that often endanger remote workers. These approaches include phishing and online scams regarding COVID-19, misinformation campaigns, and data harvesting malware, including ransomware, malicious and weaponized websites, and social engineering became a challenge. While the type of attack is not new, its sheer scale makes it difficult to monitor and respond quickly, especially within the already strained workforce of security organizations.

To prevent such attacks, some organizations implement controls to mitigate threats when employees receive emails from external sources that contain links in it. When an employee clicks a link, the recipient doesn't immediately see the page on their browser or device.

They are first separated and screened in a "vetting zone". However, technology alone is not enough to solve the problems, as all it takes is a single employee to fall victim to a combination of social engineering and technical attacks, inadvertently putting the organization at risk.

Budget and Resource Issues

Cyber problems cannot be solved by simply throwing money or other resources at them, but the serious recalls that have hit so many companies have left budgets and resources behind and may continue to occur, and despite the perception that cybersecurity is a priority, lack of funding and other resources will inevitably mean fewer dollars and fewer resources will be spent on cybersecurity, leading to challenges likely getting worse to an already strained workforce.

Emphasis on Work-Life Balance, Empathy, and Emotional Intelligence

The challenge was early in the pandemic. CISOs and security organizations have been in attack mode the way we've been in security all along, and have kept that cadence for so long that CISOs and security organizations can feel the stress of being overburdened, that there may be no end in sight.

As CISOs, security organizations are fortunate enough to be well-prepared for the unexpected in the context of cyber resilience. One of the major accomplishments of CISOs during the pandemic has been to reduce the workload of the security workforce by adapting to new technologies and integrating AI in their cyber security infrastructure to reduce false positives & automate the detection and response as much as possible to skyrocket the productivity of their SOC.

Image

Opportunities and Positives in the Cybersecurity Industry

According to the latest Information Security Maturity Report, 88% of security leaders said their existing security infrastructure held its ground pretty well during the pandemic, which is very optimistic in the event of a global cyberattack with similar characteristics to the COVID-19 Pandemic.

Despite the number of extraordinary challenges faced by CISOs during the pandemic, there are several optimistic impacts on the security and cyber industry, such as increased awareness of security and how cyber consequences affect many aspects of business; security issues, and subsequent expenses to address these issues; improving the defense of systems against attacks; dealing with cyber incidents, and the shift to remote work has improved work-life balance.

Another key positive is the increase in innovation and development COVID-19 continues to be a major market disruptor that has brought a level of innovation never seen before. Lockdowns have forced many businesses to face rapid digitization and have to restructure with a new “business as usual” strategy. Some companies are using this wave of innovation to overhaul their business models. Transform or expand markets by bringing technologies and services to market in record time and shortening product development time with new workflows and processes.

A New Age of Cybersecurity

The pandemic led the way to a new era of cybersecurity. IT security professionals who upgrade their game to protect an organization's people, technology, and data from new and growing risks posed by more sophisticated cybercriminals play a critical role in the economic transition.

The pandemic has provided the CISO role and the security industry a chance to reevaluate its role and value proposition. Security technology now isn't seen as a device used solely to keep people and property safe but is finally becoming a strategic tool for improving business Operations.

Conclusion

The pandemic has created extraordinary challenges for CISOs in the security industry. It also provided plenty of new opportunities for the CISO role and the security industry. Both trends are likely to continue as the pandemic robs the security market on the one hand and regains it on the other, leaving much speculation about what will happen after the pandemic. Fortunately, the security industry is doing better than many as the pandemic continues to evolve and spread.