In 2020, COVID-19 sped up a world that was already inexorably going digital, forcing businesses to enable remote workforces overnight, without planning or preparation. This change required chief information security officers (CISOs) to ensure digital security on the go, reckoning with new and emerging threats while ensuring business continuity in a workplace that now featured a multiplicity of systems, networks, devices, programs, processes and overflowing information.
How CISOs should prepare for 2021
As cyberattacks grow in number and sophistication, 2021 is unlikely to be different. Based on what we have seen so far, two assumptions can be made. The pandemic will linger long into this year, and the virtualized workplace will expand as businesses grow. Both assumptions mean increased CISO workloads and more imponderables.
I believe there are seven imperatives for CISOs to focus on for 2021.
1. Make cybersecurity a boardroom agenda
As digital transformation has become the core component of almost all business processes, security has become a business concern, and as a result, cybersecurity should be firmly on the boardroom agenda of all organizations. The role of a CISO has evolved significantly from focusing on technology alone to also considering business risks. CISOs should engage with their peers across business units, explaining the significance of having a robust cybersecurity program. Management-level councils and forums should serve as an essential medium for engaging with stakeholders to drive strategic initiatives.
2. Invest in cloud security
As businesses continue to move to the cloud, CISOs must prepare against more (specific) threats — data breaches, denial of service, insecure APIs and account hijacking, among others — simply because the growing amount of information in the cloud attracts cybercrime. Most cloud service providers include built-in security services for data protection, regulatory compliance and privacy, as well as secure access control capabilities for effective security risk management and protection in the public cloud. Yet, it is critical for organizations to build a robust strategy for risk management framework, secure cloud…