Cybersecurity

5 principles for effective cybersecurity leadership in a post-COVID world

cyber security cybersecurity risk cyberattacks coronavirus COVID-19 computer work from home WFH zoom video conferencing digital CISO

Cybersecurity operations are facing new challenges due to COVID-19. Here's how businesses can stay ahead. Image: Philipp Katzenberger/Unsplash

Charles Blauner
Partner and CISO-in-Residence, Team8
  • As more people are working from home during the COVID-19 pandemic, cybersecurity operations are facing tremendous new challenges.
  • Cybersecurity leaders, particularly Chief Information Security Officers (CISOs), must take stronger and more strategic leadership roles within their businesses during the crisis.
  • Five cybersecurity leadership principles would ensure effective business continuity in the "new normal."

COVID-19 is forcing business leaders to adapt operating models faster than ever before to ensure existential survival. The large-scale adoption of work-from-home technologies, exponentially greater use of cloud services and explosion of connectivity allow companies to continue operations even with social distancing and “stay at home” orders.

However, the paradigm shift is putting immense pressure on cybersecurity operations. As organizations are making extraordinary efforts to protect their workers and serve their customers during the pandemic, exposure to cyberthreats is increasing significantly.

Have you read?

Cybersecurity operations are facing tremendous challenges:

  • Working from home has opened multiple vectors for cyberattacks through the heightened dependency on personal devices and home networks.
  • Social engineering tactics are even more effective on a distracted and vulnerable workforce.
  • Security Operations Centers (SOCs) have been designed to look for anomalous behaviors; today, SOCs are operating with impaired visibility because everything looks anomalous.
  • Critical business assets and functions are significantly more exposed to opportunistic and targeted cyberattacks by criminal organizations and nation states seeking to exploit vulnerabilities and plant seeds for future attacks.
  • Public-sector services such as hospitals and healthcare services are under acute pressure and have been hit particularly hard by new types of ransomware aimed at disrupting connectivity and denial-of-service attacks.

The security and privacy flaws discovered on the popular Zoom video conferencing application are a reminder that innovative entrepreneurs and businesses both have a role to play in reducing exposure to cyberattacks.

Security bugs and privacy-abusing practices are not new, but have been exacerbated by the growing demand for cost-effective and just-in-time solutions, along with the pressure to digitize and innovate quickly to keep ahead of competition, increase operational efficiencies, improve customer experience and improve business decisions with enhanced analytics.

Most worrisome risks for your company during the COVID-19 pandemic
Cyberattacks and data fraud rank third among the greatest COVID-related business concerns. Image: World Economic Forum

In the COVID-19 context, cybersecurity leaders must strike a critical balance between security and privacy, time to operations and market, cost and convenience.

Within organizations, cybersecurity leaders need to take a stronger and more strategic leadership role. They need to move beyond being compliance monitors and enforcers to better integrate with the business, manage information risks more strategically and work toward a culture of shared cyber-risk ownership across the enterprise.

There is no silver bullet. To ensure that cybersecurity is a fundamental component of the business operating model and culture, the following questions will foster effective conversations between business leaders and Chief Information Security Officers (CISOs):

  • Have roles and responsibilities related to cybersecurity been clearly defined and communicated at every level of the organization up to the CEO and Board?
  • Do business leaders understand the cybersecurity risks they are accepting?
  • Are technology solutions designed, integrated and operated with security and privacy in mind?
  • Does the business incentivize the adoption of secure-by-design-and default practices on the businesses and products in which it invests?
  • Are third-party risks managed effectively?

The daunting challenge for CISOs is protecting the organization's digital infrastructure and assets while enabling operations without interruption. For example, cybersecurity teams must adjust security programs and risk management practices to enable the massive shift to work-from-home tools and fast adoption of cloud services. At the same time, they must make it possible for security team members to look after themselves and their families during a health crisis.

Discover

How is the Forum tackling global cybersecurity challenges?

The World Economic Forum’s new report, Cybersecurity Leadership Principles: Lessons Learnt During the COVID-19 Pandemic to Prepare for the New Normal, aims to guide cybersecurity and business leaders as they shape a responsible course of action that balances short-term goals against medium- to longer-term imperatives. The proposals are to:

1. Foster a culture of cyber resilience

2. Focus on protecting the organization's critical assets and services

3. Balance risk-informed decisions during the crisis and beyond

4. Update and practice the organization's response and business continuity plans as business transitions to the “new normal”

5. Strengthen ecosystem-wide collaboration

The role of the CISO is to support the mission of the organization by ensuring that cyber risks are managed at a level acceptable to the organization. No organization today can expect the CISO to achieve faultless security in the current context. Effective cyber-risk management can, however, help businesses achieve smarter and faster transformation, and stay ahead in these uncertain times. The end goal is resilience.

The COVID-19 crisis has generated unprecedented challenges for organizations, forcing everyone to juggle professional responsibilities with important personal ones. The coming weeks and months are likely to bring more uncertainty. By adhering to these cybersecurity principles, CISOs can better uphold their organization’s security and maintain business continuity while also meeting their obligations to their business stakeholders.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybersecurity

Related topics:
CybersecurityHealth and Healthcare SystemsJobs and the Future of Work
Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

We asked 6 tech strategy leaders how they're promoting security and reliability. Here's what they said

Daniel Dobrygowski and Bart Valkhof

November 19, 2024

1:40

100% cybersecurity is unachievable. Here are 4 ways to get as close as possible

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum