Security and COVID: Moving Past Duct Tape and Baling Twine

May 19, 2020

It may be time to catch your breath and think about strategy again.

A lot of enterprises have to feel like they’re building an airplane once it’s already in the air. And that airplane is being held together with duct tape, baling twine, twist ties and chewing gum.

For many organizations, the rapid onset of the COVID-19 crisis threw all pretense of strategy out the window. Seemingly overnight, CISOs had to build out their VPNs to enable a dramatically larger remote workforce. Home networks (and the very nature of working in the midst of family) expanded the attack surface and created a veritable playground for threat actors. Communication tools like Zoom proved essential for business teams, but they contained security flaws that, again, represented new opportunities for hackers.

What about the regulatory front? Many CISOs are wondering if, given all the change and upheaval, their operations are still in compliance with GDPR, HIPAA and CCPA (which is slated for active enforcement in July).

Now That You’re Starting to Get Things Under Control…

CISOs and their teams have every reason to be pleased with the job they’ve done, holding it together in the face of a challenge like nothing we’ve ever seen before.

In the coming weeks and months, as things settle into a manageable routine, it may be time to step back and take stock. Where are we, exactly? What holes still need plugging? And most importantly, how do we work our way back into the sort of strategic mindset needed to drive the business into the future?

A Couple of Steps May Make Sense.

First, a high-level security strategy assessment can gauge your program’s readiness with respect to defined corporate initiatives. This allows you to evaluate policies, identify potential threats, reveal gaps and prioritize objectives, affording a clearer understanding of how your current footing maps to the realities of the business. If that isn’t thorough enough, a deeper, more nuanced evaluation of your foundational security program may be needed. Meetings with key stakeholders help generate an inventory of existing solutions, which can be scored across multiple program areas. The resulting read-out is built around specific recommendations for action.

Security pros understand that emergencies require immediate tactical responses, but they also recognize that management-by-hair-on-fire is a recipe for disaster.

The Coronavirus crisis is far from over, but as daily operations settle down, consider your long-term objectives and begin thinking seriously about the strategic steps necessary to propel you down the road toward a productive “new normal.”


By: Sam Smith, PhD

Contributor
