There are many types of crises that threaten a business’s ability to function properly, from global conflicts and recessions, to data breaches and natural disasters. Until a few months ago, few would have put global pandemics very high up the list, yet here we are, in the midst of one of the most unprecedented crises in living memory. Most people think of the CEO and CFO as having critical roles at such uncertain times, and quite rightly too. But for many organisations, the chief information security officer (CISO) will have an equally important role to play in the coming days, weeks and months, aiding in both security and business decision making at the highest level.
In times like these, the overriding emotion felt by many of us is fear. Fear of the unknown, fear for our health, our jobs, family, the future. Ultimately, no one knows how these uncertain times will eventually play out, which is a scary prospect. In a business setting, the person everyone turns to for security in the face of the unknown is the CISO. In their usual day-to-day role, the CISO is responsible for safeguarding the company’s most sensitive data against known and unknown threats, building trust with key stakeholders and advising the C-Suite on how to move forward in a secure, efficient manner. They are essential to the overall security and wellbeing of their organisation.
Of course, these are not usual times, which has only heightened the importance of the trust and value that’s derived from a strong security program. Teams must relay a message of security and reassurance to not only end users and staff but other members of the C-Suite, investors and board members as well. All these stakeholders want to know that the team is going to make the right decisions and keep the business on track until something resembling normality returns.
Facing up to an unprecedented challenge
As we face unprecedented challenges around the world, millions of people suddenly find themselves working from home, possibly for the first time in their careers. While remote work might be routine for some, it’s a completely foreign concept for others, especially those in the security and IT space where jobs are typically kept to a more formal office setting. This rapid turn of events has thrown up two key challenges for CISOs that must be addressed as quickly as possible:
- Communicating effectively with a remote workforce: Communication is a fundamental core value among security teams and CISOs are responsible for dictating how their teams liaise with one another and their audience (be it end users, staff or board members) during a crisis. Whatever communication method a CISO had in place beforehand needs to be just as effective in a remote setting, if not more so. Priority should be placed on great storytelling and the giving of credit. Be three times as seen and twice as transparent; you will be judged and remembered for your behaviour in these times. The importance of communication cannot be stressed enough at a time when teams are working so unconventionally and are overly stressed.
- Conducting robust security monitoring from afar: When end users or employees aren’t coming into the same office every day, security teams must protect assets and operations in several locations, using tools in ways for which they may not have been intended. For example, traditionally a SOC is a physical space as well as a virtual one, but this new work structure is putting a huge strain on that and forcing many security professionals to ‘work outside the box’. Also be ready to use the visibility of the SOC and other security tools to solve unconventional problems around access, monitoring, and executive support. Show the before and after organisational behaviours and allocate human and budgetary resources accordingly.
Deploy a Tiger Team to combat unexpected challenges
By their nature, crises throw up numerous challenges that can quickly derail even the best management strategies. However, CISOs don’t need to face these alone. A prudent approach is to assemble a “Tiger Team” with the core objective of tackling and defusing these problems in a fast, organised way. An effective Tiger Team will have three main characteristics:
- Displays the different stripes of the organisation: Team members should be expert but cross-functional. It’s not just a collection of the most tenured staff; it’s crucial that front line technical staff are part of the team as well.
- Can leap into action with deadly precision: Any problems identified must be confronted quickly. A small, focused group of decision-makers can typically mobilise faster than a larger party, which is critical at such unprecedented times.
- Will sink its fangs into any problem that arises: Once a problem is identified, the Tiger Team must have the authority and capability to deal with it as needed, without the need for external approval or assistance.
During times of crisis, CISOs must be ready to stand up and be counted, leading the response on multiple fronts at once. The ongoing situation has turned much of the business world on its head, presenting new and unique challenges that would have been unthinkable just a few months ago. Despite this, many of the principles of effective crisis management remain and security, as always, is paramount. People want to know that they can trust their CISO to take care of the company’s most valuable resources. While it certainly isn’t easy at present, with the right planning, communication and technology, it is still more than achievable.
Author: Steve Moore, Chief Security Strategist at Exabeam