Many organisations coped with the difficult forced transition to remote working for most of their employees. According to ESG’s The Impact of the COVID-19 Pandemic on Cybersecurity report, 87% of cyber pros said the transition went smoothly.
The long-term impact on security teams and the businesses they protect is more complicated. CISOs need to contend with new work cultures, new attack surfaces, prepare for the next potential ‘black swan’ event, and fix the “quick-fixes” put in place at the start of quarantine. Here are some of the lessons CISOs have learned from the COVID crisis.
Lesson 1: Security culture needs to follow business culture changes
Many organisations are looking to make large-scale permanent changes to how their employees work in the wake of COVID. Employees have proven they can be productive away from the office and IT has shown the technology works and can scale. According to Radware’s C-Suite Perspectives 2020 report, over 80% of companies expect to continue supporting work-from-home employees at a higher rate than before the pandemic hit.
Graham Thomson, CISO (and interim head of data and analytics) at law firm IrwinMitchell, says few employees worked remotely before the lockdown began. “This was a combination of culture, people thinking they would not be effective in their role if working out of the office, and various legal industry business processes that relied upon physical presence or paper records, such as court appearances, evidence bundles, wills, and wet signatures.”
Original article source was posted here