Finding Cybersecurity Opportunities in Crisis. How Business Leaders Can Prepare Right Now

During this time of unprecedented uncertainty, everyone at Axon Technologies is thinking about those who have been affected personally and professionally by the outbreak of coronavirus (COVID-19) and we celebrate those on the front lines helping slow the spread of this virus.

This crisis has caused an unprecedented level of turbulence across every aspect of our personal and professional life. Nobody was prepared for the pandemic. So, when it hit, companies around the world scrambled to make sense of the situation and enable their remote workforce in the quickest and most effective time possible. At times, this speed of deployment was at the expense of cybersecurity.

Now that companies are finding a way to work in this new normal and adjust to living and working with the virus, I would recommend cybersecurity leaders take this time as an opportunity to progress security strategies and principles across their organizations. Here are seven principles I’ve found helpful for CISOs navigating uncertain times in their companies:

1. Make cybersecurity everyone’s responsibility, not just IT or the Cybersecurity team. IT and the cybersecurity teams enable companies and the workforce to operate securely. But the individual employees can either be the weakest or the strongest link in the cyber chain depending on how well they are able to identify risks and incidents and follow established procedures to respond.
2. Build executive relationships across the business to market cybersecurity as a benefit, not a blocker — Involving the cybersecurity team early across the business units will help prevent a crisis, whether it is with DevSecOps, supplier due diligence, business process security assessment, or threat intelligence evaluations of M&A opportunities or business expansions. Contributions from cybersecurity functions into these initiatives can be truly beneficial to business strategy.
3. Demonstrate to executives that cybersecurity should no longer be seen as a cost capability — As you are building relationships with executives this is your opportunity to find ways of using cybersecurity as a competitive advantage to how your business makes money. Customers will prefer to choose and trust businesses that look after their personal data. TRUST is the key to Digital growth.
4. Allocate accountability for cybersecurity risk to business leaders — Business unit leaders, data owners and application owners own their data, and systems and as a byproduct own the risks to their data and systems. Therefore, business leaders must take some accountability for cybersecurity.
5. Balance focus and cyber investment across Prevention, Detection, Response, and Recovery — Clearly preventing all cyber-attacks is impossible but investment in prevention technologies like Antivirus and Firewalls are the foundations of security programs. We cannot ignore those, but instead, we also must increase our focus on response and recovery processes and technologies to move us into a more complete cyber-resilient organization.
6. Inspire your team for the road ahead — Now is a good time to evaluate the ways your cybersecurity team can strengthen connections and purpose, both within the team and the organization as a whole.
7. Bring partners with you on this journey — You cannot embark on this journey by yourself. The more executive relationships you build across the business, the more the business will demand from the cybersecurity team, as they transform digitally and find new ways of working and doing business. Look to build relationships with specialised partners who will invest time in understanding your business and offer you solutions to your challenges.

I hope this offers some clarity for chief information security officers (CISOs) who are actively working to weather this storm. If you have any feedback, I would love to hear from you.

Crises are never welcome, and it’s often difficult to see the light at the end of the tunnel. Cybersecurity leaders and their teams have been primarily focused during this pandemic on securing work-from-home arrangements and making sure they have the right technology, people, and processes in place to manage this new elevated cyber risk they are now facing. We covered in previous Axon Technologies blog posts some of our recommendations to secure remote working — including patching systems, using 2-factor authentication, releasing ‘security approved’ collaboration applications to your workforce, training the workforce on cyber threats and risks, and having processes in place to monitor activities, systems, and high-risk user groups to detect, respond to and recover from malicious activities across your environment.

It is our objective at Axon Technologies to be the cybersecurity partner companies need during these times. We want to help organizations navigate the cyber threats and risks they are facing during this crisis, and as they come out of it on the other side. Our solutions secure digital transformation. We do this through our 4 key strategic offerings: