Cyber and privacy leaders' agenda

Cybersecurity teams have traditionally been strongest when it comes to assessing their capabilities, identifying risk, and building roadmaps for the future. CISOs should focus attention on the elements of cybersecurity where many have been weaker in the past. Specifically, they should look to strengthen their engagement with stakeholders, ensure their alignment to core business goals and objectives, and assess their business partners’ satisfaction with the performance and delivery of security services.

As their relationships with business partners have deteriorated in recent years, CISOs may now lack the visibility they need to operate in sync with other functions and pursue a strategy that aligns with the business. Explore next steps for CISOs in the articles below.

To respond to the organizational challenges highlighted by EY research, as well as the sophisticated nature of recent high-profile attacks, CISOs need the support of versatile, multi-skilled professionals.

However, the breadth of skills needed in today’s function is expanding in several directions at once. There is no such thing as a “standard” cybersecurity profile. CISOs need individuals with advanced technical skills, as well as the ability to build interdepartmental relationships. 

We outline in this article some of the many cybersecurity executive profiles that have emerged in recent years, despite the profession’s relative newness. Each profile has its own area of focus, relies on its own range of soft skills and professional qualifications, and plays an important role in meeting the changing needs of the business.

The shift to remote working during the COVID-19 pandemic brought the importance of robust identity and access management (IAM) practices firmly into the spotlight. It has become an integral pillar of an organization’s security infrastructure as the business demands better access controls in a less controlled network environment with shared platforms.

The increased use of personal devices and remote access to core business systems increases the threat landscape of businesses. However, adoption of new IAM controls and processes will mitigate the cyber risks and threats for organizations.

What can security leaders do now, next and beyond?

1. Now – solve the current crisis
   Perform an impact assessment of remote working, IAM processes, and secure access to critical and non-critical applications. Support contingency programs including IAM process simplification and work-arounds, and re-organize IAM operations to accelerate execution and monitoring of remote and privileged access.
   
   
2. Next – steps for year-round
   Assess the appropriateness of remote access by critical/non-critical application, and review the revised access controls with your compliance teams. Also gain buy-in from your compliance team for simplified procedures, including access to business applications.
   
   
3. Beyond – resiliency and risk management
   Enhance your IAM capability through improved contingency processes, awareness, reporting, technology and collaboration.

It is well understood that privacy needs to evolve. This is driven by technological developments as well as changes in societal attitudes and perceptions – ordinarily rooted in national and cultural factors – which are highly reactive to the perception of peripheral events.

Now, in the midst of the COVID-19 pandemic, we must ask ourselves … what happens next? Have consumer perceptions of privacy fundamentally changed? Have our perceptions about trustworthiness of government and business shifted? Is there an opportunity for governments and businesses to redefine approaches to collection and use of personally identifiable information (PII) moving forward?