It’s no secret that companies have been moving towards digital transformation for years, but the current pandemic has accelerated that movement at an unprecedented speed and magnitude. Microsoft CEO Satya Nadella recently said, “We’ve seen two years of digital transformation in two months.”
As companies around the world adapt to what is referred to as the “new normal”, especially in the digital context, the roles and responsibilities of all employees from top to bottom will look different in the future – especially those of CISOs. From allowing all employees to securely work remotely to ensuring the safety of newly adopted applications and software, it
A shift in priorities
The CISO has likely worked tirelessly throughout the pandemic to secure a new, remote workforce and fleet of technologies. Going forward, CISOs will need to ensure that many different types of software, applications, and devices, and the ways they are accessed, have the right security protection in place. It is the CISO's responsibility to ensure that the measures taken quickly in response are now robust and fit for the business in the long run. This will require a shift in prioritization, including:
Prioritize popular workplace communication software
The software employees rely on varies widely depending on where they work. For example, when an employee is remote, video conferencing software is used on a daily basis to communicate with colleagues. Adversaries have taken note of this shift and targeted platforms where they can become silent eavesdroppers, steal confidential information that is now being broadcast over the Internet, and much more. There are now heightened concerns about online meetings that used to be protected by four walls and a door. It is necessary to ensure that virtual meeting platforms are secure from a network and software perspective.
Prioritize cloud computing infrastructure
Employees need secure access to information, especially outside the office. Another change that is critical to business continuity is the introduction of a cloud-based infrastructure that can be accessed from anywhere. Many organizations are realizing the potential of cloud services to scale up and deliver new services quickly, especially when it comes to remote working. According to KPMG and Oracle’s third annual Cloud Threat Report, 92% of IT and security professionals do not trust that their organization is well prepared to secure public cloud services. The introduction of cloud computing requires the implementation of a strong security framework and a solid foundation to protect company resources stored online from theft, leakage and deletion.
Prioritize the communication of the most important guidelines
Now more than ever, cybersecurity procedures and policies must be clearly communicated by the CISO. One area that will receive a lot of attention in the post-pandemic virtual economy is the guidelines for data at rest and data in transit. With virtual work, it is important to be clear about what is acceptable and what is not for employees, managers, developers and everyone else. If not, organizations run the risk of slipping into the “wild west” of security policies, with each person essentially operating on their own set of rules, increasing the risk of data being lost or compromised due to insecure transit or storage practices. Successful defense of corporate and home networks depends on good guidelines, education, and a thorough internal alignment with new, clear guidelines.
Security is included in everyone’s job description
A return to in-person office work environments will be one of the last things to happen, and many employees are likely to take a hybrid approach to office work, which means combining work from home with work at the office week in and week out. All employees should be well trained about software security concerns and what is expected of them, both in the office and at home. One way to reduce employee risk is to train developers and security personnel specifically, and to take the time to address the root cause of many software-related security problems: a lack of security awareness.
This can be achieved in a number of ways. However, one of the most effective tactics is to improve cybersecurity training programs. Use interactive, gamified components to keep staff and developers engaged and entertained, and teach in short, frequent sessions to keep security in view in day-to-day operations. Address security across the enterprise more generally and refer to security best practices for staying secure remotely. Ultimately, security is everyone’s business, not just that of a few.
The pandemic has taught us that software is essential if we are to adapt to new ways of working and living, and that it is a driving factor in the escalation of digital transformation. Software on both the web and mobile devices has enabled continuity in both our business and personal lives. However, with this increasing reliance on software and technology, the critical need to ensure that these platforms are trustworthy and secure grows. Without secure software, business and social activities would come to a standstill. It is the responsibility of CISOs to recognize that digital transformation efforts are not temporary solutions, but the future of work.
- Matt Rose, global director of application security strategy at Checkmarx.