Cyber-crime complaints increased 69% from 2019, according to the FBI’s 2020 Internet Crime Report. It’s no surprise therefore that industries are now setting higher standards and requirements, especially in the government sector where a breach could have catastrophic consequences. The Cybersecurity Maturity Model Certification, or CMMC, is a unified standard designed to enhance the protection of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). CMMC measures an organization’s ability to protect FCI and CUI and applies to over 300,000 DoD contractors. Requiring CMMC certification is a good first step for setting a security standard, but there is still a lot more organizations can do to protect classified information.
As more working adults receive vaccinations, it’s time for CISOs to create their post-pandemic plans. These plans must address employee concerns about returning to the office, protocols for employees who wish to continue to work remotely, and whether or not the organization will employ out-of-state talent. CISOs must consider these and other important questions as business leaders start to look ahead.
Being an effective leader is difficult during ordinary times, let alone during a global pandemic. Covid completely changed our lives, including the way we work. The best leaders adjusted quickly. CISOs, no strangers to adaptation, led this change in many companies. The pandemic’s effects will be felt long after the last person is vaccinated. Business and security leaders therefore must continue to evolve in how they lead and defend their organizations against cyberattacks. Secure remote technologies, beef up security education and awareness for employees, and even mix up daily board briefs. These and other examples keep businesses nimble and responsive. They also keep employees alert and engaged.
The shift to remote work forced organizations to accelerate their digital transformation initiatives, creating significant security risks. While a zero-trust model may mitigate work-from-home risks, it may not be realistic for smaller organizations. However, there are several steps CISOs can take to improve their security profile as part of a broader digital transformation.
The pandemic has eradicated the traditional 9-to-5 workday. Employees are juggling kids, pets, and family during the day on top of their daily work responsibilities. Some employees handle it better than others. The younger workforce, in fact, has not only adapted to this new work environment but thrived in it. CISOs and other leadership members must accept this new work environment, including flexible work hours, and trust the work will get done. Delegate tasks, give a hard deadline, then trust the work will be completed on time. Adopt a trust-but-verify approach and check in if needed, but otherwise refrain from micromanaging.
The concept of a zero trust architecture is fantastic, in theory. How realistic is it in a post-pandemic world? Businesses rushed to implement cloud applications at the start of the pandemic. Employees accessed those applications from shared home networks using myriad devices. Verifying a user’s identity in this current environment therefore seems challenging at best. Can an organization realistically adopt a true zero trust model, or is a ‘Trust-But-Verify’ approach more attainable?
CISO Street recently moderated a virtual CISO panel and asked panelists about their perspectives on current cyber trends and challenges. In this video, Richard Rushing, CISO for Motorola Mobility, and Jeff Lush, CIO for Air University at U.S. Air Force, share their thoughts on zero trust during the pandemic.
When the pandemic hit, employees worldwide made the shift to remote work overnight. Is remote work the new normal or will companies adopt a hybrid solution? What does either option mean for the future of commercial real estate? The prospect of long-term remote work raises new financial, cybersecurity, and legal concerns for many organizations, leading to even more headaches for CISOs.
CISO Street recently moderated a virtual CISO panel and asked panelists about their perspectives on current cyber trends and challenges. In this video, Christopher Rence, Chief Data, Compliance, Security and Risk Officer for EQUUS Holdings, and Darrell Jones, former CISO with Ares Management, share their thoughts on remote work and the potential long-term problems it may cause.
Everyone has adjusted to remote work by now, though certain challenges remain eight months into the pandemic. CISOs continue their search for the right balance between data protection and data accessibility. The struggle is real, as the sharp increase in phishing and ransomware attacks indicates. CISOs have better success when they know which data types require access, who needs it, and how they will share it and with whom. This framework lets CISOs overlay strict security and governance controls to ensure employee adherence.
CISO Street recently moderated a virtual CISO panel and asked panelists about their perspectives on current cyber trends and challenges. In this video, Mark Butler, CISO & SVP for MegaplanIT, explains how CISOs can mitigate risk when giving employees working remotely access to sensitive data.
The ongoing pandemic has taken a toll on employees who typically separate work life from home life. Now, every day feels like Groundhog Day. Business leaders sometimes forget that the faces on the other side of a Zoom call are not just employees, but real people with lives that extend beyond their screens.