Three Takeaways From Top CISOs on Successfully Securing Their Newly Remote Workforces

In the past week, the spread of COVID-19 has compelled many businesses to suddenly shift their office-based workforces to remote ones. This has quickly changed the game from a security perspective: an evolving attack surface, proliferating endpoints, new network behaviors, and more.

That’s why ReliaQuest quickly convened a couple of leading CISOs – Chris Lugo of Danaher and Jason Raymond of GuideWell Holdings – alongside its CTO, Joe Partlow, to offer perspectives intended to benefit security teams adapting to the changing landscape. ReliaQuest COO Colin O’Connor moderated.

Top takeaways from the group included:

1.  Focus on re-evaluating normal and abnormal network activity. As employees surge onto corporate networks from disparate remote locations, CISOs and their teams are adjusting all of their baselines based on the “new normal” of usage patterns. This helps security operations teams quickly distinguish what’s worthy of attention from what is simply a usage-pattern change caused by the switch to a remote workforce, and avoid wasting time on a flood of false-positive alerts.

2.  Take advantage of heightened attention to corporate communications to drive safer behaviors. Our CISO panelists reported that employees are more responsive to internal comms than ever. Therein lies an opportunity: use internal communications as a powerful resource to train and educate the workforce on protecting the corporate environment. Re-educate the workforce on best practices for handling phishing attacks and social engineering, using the latest virus-related examples from threat actors.

3.  Stay focused and communicate risk in business terms. CISO panelists underlined that security leaders often struggle to find the right metrics to communicate risk to the Board and other peers. For the time being, when business continuity is top of mind in the C-suite, the panel emphasized that less is more. Focus is important in all directions: ensure your teams understand, and have the visibility to protect, what’s most important to the business, and that they have the tools to perform their jobs and support from their leaders. Daily stand-ups have been a way for teams to prioritize, collaborate, and engage while being remote.

For more guidance on measuring and communicating risk, get the CISO’s Guide to Metrics that Matter.
