Security and COVID: Moving Past Duct Tape and Baling Twine Home Insights Blog Security and COVID: Moving Past Duct Tape and Baling Twine May 19, 2020 Security and COVID: Moving Past Duct Tape and Baling Twine It may be time to catch your breath and think about strategy again. A lot of enterprises have to feel like they’re building an airplane once it’s already in the air. And that airplane is being held together with duct tape, baling twine, twist ties and chewing gum. For many organizations the rapid onset of the COVID-19 crisis threw all pretense at strategy out the window. Seemingly overnight CISOs had to build out their VPNs to enable a dramatically larger remote workforce. Home networks (and the very nature of working in the midst of family) expanded the attack surface and created a veritable playground for threat actors. Communication tools like Zoom proved essential for business teams, but they contained security flaws that, again, represented new opportunities for hackers. What about the regulatory front? Many CISOs are wondering if, given all the change and upheaval, their operations are still in compliance with GDPR, HIPAA and CCPA (which is slated for active enforcement in July). Now That You’re Starting to Get Things Under Control… CISOs and their teams have every reason to be pleased with the job they’ve done, holding it together in the face of a challenge like nothing we’ve ever seen before. In the coming weeks and months, as things settle into a manageable routine, it may be time to step back and take stock. Where are we, exactly? What holes still need plugging? And most importantly, how do we work our way back into the sort of strategic mindset needed to drive the business into the future? A Couple of Steps May Make Sense. First, a high-level security strategy assessment can gauge your program’s readiness with respect to defined corporate initiatives. This allows you to evaluate policies, identify potential threats, reveal gaps and prioritize objectives, affording a clearer understanding of how your current footing maps to the realities of the business. If that isn’t thorough enough, a deeper, more nuanced evaluation of your foundational security program may be needed. Meetings with key stakeholders help generate an inventory of existing solutions, which can be scored across multiple program areas. The resulting read-out builds around specific recommendations for action. Security pros understand that emergencies require immediate tactical responses, but they also recognize that management-by-hair-on-fire is a recipe for disaster. The Coronavirus crisis is far from over, but as daily operations settle down, consider your long-term objectives and begin thinking seriously about the strategic steps necessary to propel you down the road toward a productive “new normal.” By: Sam Smith, PhD Contributor Sam has worked in technology and communications marketing for more than 20 years and during that time has served a host of Fortune, enterprise and mid-market leaders. He earned his doctorate from the University of Colorado, where he focused on the development and adoption of emerging digital communication technologies. Share: Threat Risk SecOps Remote Work Compliance Security Assessment RELATED INSIGHTS DOWNLOAD January 22, 2020 Security Program Foundation Assessment Our Security Program Foundation Assessment (SPFA) helps you holistically evaluate and focus your program. See Details Read more about Security Program Foundation Assessment DOWNLOAD June 08, 2021 Security Strategy Assessment Our Security Strategy Assessment gauges your security program against big-picture corporate initiatives. See Details Read more about Security Strategy Assessment BLOG April 06, 2020 Securing Your Security Operations: Three Critical Areas of Focus Three enterprise security areas deserve focus in WFH environments: email security, tool configuration and chat. See Details Read more about Securing Your Security Operations: Three Critical Areas of Focus How Can We Help? Let us know what you need, and we will have an Optiv professional contact you shortly.