The New Normal: Managing Physical and Digital Security Threats in a COVID-19 World
After months of lockdowns, and reopening and reclosing businesses, Covid-19 is still a rapidly evolving situation. Leading CISOs and CSOs are finding ways to secure their networks, keep their people safe, and help provide stability for the organizations they serve all while navigating the new normal of uncertainty.
The challenges CSOs and CISOs continue to face during the ongoing coronavirus pandemic are across the board. To ensure business continuity, revenues, and reputations, managing physical and digital security threats have become at the forefront of organizations.
When the pandemic hit, a vast majority of people began to work from home, and many still rely on these home workspaces, making them more vulnerable to cyber threats from bad actors taking advantage of new opportunities. Social engineering attacks, especially phishing attacks, are on the rise, as well as ransomware attacks. CISOs are combating increased risks of malware, intrusion, and data exfiltration. For many organizations that have shifted to a long term, perhaps permanent, remote work model, the importance of cybersecurity training for employees—an organization’s first line of defence—is more critical than ever.
Duty of Care
As employees are rarely gathering in centralized locations anymore due to COVID-19, Duty of Care for employees has broadened and become more complex. Providing this moral and legal responsibility to remote workers—many times spread all over the world—is a challenge exacerbated by the importance of public health measures to stop the spread of the virus. The mental health of workers has become a top concern due to COVID-19, information dissemination has never been more important, and new contact tracing capabilities for employees has become imperative in the new normal.
In addition to civil unrest, many organizations are now facing the reality of reduction of workforces, which can frustrate employees who, while working from home, may be more inclined to act nefariously in an unsupervised environment. New opportunities and the ability to connect in from personal devices while working from home only heighten this threat. Making sure the right technologies and controls are in place to ensure visibility and monitoring is critical in responding to these insider threats.
Cross-Functional Teams Can Overcome New and Existing Challenges
If COVID-19 has done one thing, it has highlighted the criticality of having the ability to respond quickly to a business disruption. Many leaders are finding that the best approach to keeping organizations running is a hybrid program that is responsible for both digital and physical security.
Currently, about 30% of companies globally have a consolidated platform with cross-functional team leaders reporting to the same executive. COVID-19 has exacerbated this trend. Still, some companies are stove-piped, which has created challenges, underscoring the benefits of the fusion between physical and digital teams. The ability to look at SIEM (Security Information and Event Management) operations in the same space and on the same platform is incredibly helpful. Traditional models where the safety and security teams act separately have a much harder time than teams with blended expertise— including a solid background in threat, vulnerability, and physical risk assessment, as well as an understanding of risk as it’s layered within systems.
Ultimately, whether it’s digital or physical, the ability to triage and move forward with a resolution plan quickly against threats is imperative. In this way, security leaders have a tactical responsibility while they must also promote a strategic vision for the organization. By leveraging the expertise and experiences of today’s new normal, leaders can build a cross-functional team that allows the company to succeed into the foreseeable future.