Our panelists at CISO Champions Online, EU discuss the evolving role of the information security function in a turbulent world
The onset of the global pandemic in early 2020 sent shockwaves through the international business community. Remote work was expanded rapidly, and cybercriminals capitalized on the disruption with more sophisticated and more targeted attacks.
At the same time, businesses were rapidly digitizing and moving operations to the cloud, changing the nature of the traditional security perimeter, and creating a new set of challenges for information security leaders.
A year later, many of the initial hurdles have been overcome, but, as many of the industry leaders who gathered at Corinium’s CISO Champions Online, EU conference noted, the continuing uncertainty has caused information security leaders to refocus their attention on risk.
“I don’t think there is such a thing as 100% security, nor do I think there’s such a thing as 100% compliance for that matter. That’s because risk is dynamic and what we do in our businesses is dynamic,” says Nicola Lishak, Head of Information Assurance at Royal Mail Group. “Digital transformation and the events of the last year, I think, have actually helped us refocus on risk because we’ve had a whole year of dealing with uncertainty.”
Reevaluating Priorities Based on Risk
No one saw the pandemic coming, of course, but the disruption it caused gave some information security executives an unexpected opportunity to refocus on their priorities.
“Effective security is all about being able to demonstrate a risk-based approach and align with your corporate objectives and I don’t think that has changed,” says Lishak. “I actually feel [the pandemic] gave us an opportunity to have a razor-sharp focus on what our priorities were and to build our response around our risk-based decision-making.”
This risk-based approach to decision-making also informed how many companies responded to the rapid changes to ways of working caused by the pandemic, says Zsuzsanna Berenyi, Information Security Expert at the London Stock Exchange Group.
“It was very important to take a very critical risk-based approach and look at how can people work from home on a much larger scale,” Berenyi says.
She continues: “I think the silver lining [of the pandemic] is that it has given us the opportunity for people to really understand what risk is and what are the risks that they really need to be looking out for.”
Responding to the Evolving Threat Landscape
The pandemic not only created new operational challenges for information security leaders but also created opportunities for cybercriminals. Research from IBM shows that cyber-attacks have more than doubled since the start of the pandemic.
“Armed robbers were not able to go to the shops anymore to get their regular earnings, so they had to find ways to convert to online,” says BNP Paribas Group Head of Cyber Risk Intelligence Jules Pagna Disso.
Responding to the increased threat must go deeper than simply securing APIs, Pagna Disso says. Information security professionals will also have to secure underlying processes to mitigate more serious risks in the future.
“As we move towards more and more digital transformation, we need to make sure that the processes that are built together are very secure,” Pagna Disso says. “It’s not just about securing APIs. That is one part of the equation, but the processes themselves need to be checked and need to be secure. If not, we are opening ourselves to many more problems.”