Security and COVID: Moving Past Duct Tape and Baling Twine

It may be time to catch your breath and think about strategy again.

 

A lot of enterprises have to feel like they’re building an airplane once it’s already in the air. And that airplane is being held together with duct tape, baling twine, twist ties and chewing gum.

 

For many organizations, the rapid onset of the COVID-19 crisis threw all pretense of strategy out the window. Seemingly overnight, CISOs had to build out their VPNs to enable a dramatically larger remote workforce. Home networks (and the very nature of working in the midst of family) expanded the attack surface and created a veritable playground for threat actors. Communication tools like Zoom proved essential for business teams, but they contained security flaws that, again, represented new opportunities for hackers.

 

What about the regulatory front? Many CISOs are wondering if, given all the change and upheaval, their operations are still in compliance with GDPR, HIPAA and CCPA (which is slated for active enforcement in July).

 

Now That You’re Starting to Get Things Under Control…

 

CISOs and their teams have every reason to be pleased with the job they’ve done, holding it together in the face of a challenge like nothing we’ve ever seen before.

 

In the coming weeks and months, as things settle into a manageable routine, it may be time to step back and take stock. Where are we, exactly? What holes still need plugging? And most importantly, how do we work our way back into the sort of strategic mindset needed to drive the business into the future?

 

A Couple of Steps May Make Sense.

 

First, a high-level security strategy assessment can gauge your program’s readiness with respect to defined corporate initiatives. This allows you to evaluate policies, identify potential threats, reveal gaps and prioritize objectives, affording a clearer understanding of how your current footing maps to the realities of the business. If that isn’t thorough enough, a deeper, more nuanced evaluation of your foundational security program may be needed. Meetings with key stakeholders help generate an inventory of existing solutions, which can be scored across multiple program areas. The resulting read-out builds around specific recommendations for action.

 

Security pros understand that emergencies require immediate tactical responses, but they also recognize that management-by-hair-on-fire is a recipe for disaster.

 

The coronavirus crisis is far from over, but as daily operations settle down, consider your long-term objectives and begin thinking seriously about the strategic steps necessary to propel you down the road toward a productive “new normal.”

Sam Smith, PhD | Contributor
Sam has worked in technology and communications marketing for more than 20 years and during that time has served a host of Fortune, enterprise and mid-market leaders. He earned his doctorate from the University of Colorado, where he focused on the development and adoption of emerging digital communication technologies.