Why Many CISOs Got Caught by the COVID-19 Pandemic
At a high level, the IT industry may have been caught with its pants down a bit in the current COVID-19 pandemic. This is not because there aren’t a lot of smart chief information security officers (CISOs) out there doing smart things, but because of the limits of our ability to adapt quickly to an unprecedented scenario and to perform under an attack on personal safety.
We have always been afraid of a breach, but being able to support a remote workforce—essentially overnight—under the guise of protecting lives brought a whole new pressure to the role. Then, as we caught our breath, we had to adapt to a changing threat landscape.
Controls that we thought were effective were not. We realized that we didn’t put as much effort into validating third-party services as we should have (Zoom, for one widespread example). And we’re being asked to think ahead and define a security fabric that protects the security and privacy of the “new normal” workforce. Some thought leaders have said for years that the CISO gig is not for...