One of the potential benefits for security leaders as a result of the pandemic is the renewed focus on business resilience and cybersecurity.
The expertise, resourcefulness, and dedication of CISOs are important for businesses to become digital and grow well-distributed. Now’s the time to take optimum advantage of all the attention and step up to the communication skills and requirements effectively:
Effectively demonstrate the value
The best days for security technologies are when they’re doing their jobs to secure the employees, business, and customers, without impacting the overall productivity and user experience. Now the security teams have to support the leaders, and it’s crucial to tap on to this opportunity to bring them along this journey.
Explicitly explaining the unique challenges the company faced, how the team overcame them, the value they delivered, lessons learned, and the mistakes made, is crucial to continue the improvement of security operations. The COVID-19 situation has proved that the next disruption isn’t too far behind, and there is nothing such as preparing too early.
Collaboration to enhance security operations
With remote working stepping in how people communicate with their teams has undergone a drastic change if not permanently, at least in the near term. It is now impossible to tap an analyst on the shoulder to assign them a task to get an update on an investigation as flexibly as in the office premises. With employees geographically dispersed, the need for collaboration across teams is even more critical.
A single, online collaborative environment focusing on fusing together evidence, data, and users allows individual team members and security teams to access the intelligence they require to do their jobs as part of their workflow. It also enables them to share learnings actively or directly communicate about them with each other.
CISO needs to assure the development of such an environment to extract maximum benefit. They can oversee investigations remotely, noticing the analysis as it unfolds and directing action effectively to avoid information loss. With a “virtual shoulder tap,” CISOs can break down projects and assign tasks effectively to individuals, coordinate tasks between teams, and also monitor results and timelines. Even when analysts work remotely, CISO can effectively continue to coordinate remediation and investigations.
Educating employees on cyber risk mitigation
Boards are maturing in their understanding and awareness of the need for cybersecurity, moving to more detailed questions. The point is not just to know the latest threats pertaining to the organization but also to understand in what ways and how to combat them. The focus should be on the information and capabilities required to communicate clearly and simply.
Understanding all external data on the threat, identifying associated indicators and events from the internal systems, and correlating the two to derive context and relevance to the environment is essential. And the information should be in an easily understandable format for people who don’t live and breathe security. This is regardless of them being concerned about a recent attack making the headlines.
During the current pandemic, communications should be at the top of every CISOs priority list, not only to showcase the value provided but also to lay a foundation of trust and knowledge that is likely to pay dividends when the budgeting season rolls around.