Everything is different.
Nothing is the same.
That’s what everyone will tell you right now about conducting business during a pandemic. But let’s all take a deep breath and delve deeper into what it means for companies to treat cybersecurity as an empowering experience in this time.
Sounds a bit like an installment of Zen and the Art of Cybersecurity Maintenance, doesn’t it? But once we realize that during this moment of unpredictability, perfect is the enemy of good, we can face big business decisions that provide us with the comfort to sleep well at night.
Shift Our Expectations
For starters, albeit somewhat controversially, we have to enter the mindset that even some amount of successful cyber-attacks are okay just as long as the consequences are minimized or mitigated. This is just the logistical reality considering proximity.
In the past, there has been a desire for perfectionism when it comes to cybersecurity and it’s not unreasonable. That should typically be an expectation from a CISO or a cybersecurity developer. But we’re in an environment now in which every single aspect of business is about compromise.
It’s not the same business decisions we had the luxury of making a few months back like selecting one airline over the other when factoring bonus miles–it’s factoring whether I can fly at all?
The New Endpoint
A lot of network security is reliant on a perimeter. The world has become forcibly distributed. It’s also the case that a fair amount of endpoint security was reliant on the endpoint, and many organizations have less control over those endpoints now.
These considerations are made worse because the decisions to ensure security had to be made immediately. If you think back to a time, over two months back, when we interacted with our coworkers in person, to a large extent proximity played a large role in requests made. You asked for a program to be installed on your laptop and an IT manager came to your desk and was able to validate your request just by the fact that you shared office space.
All of our interactions are non-proximate now. With all the other demands a CISO meets every day with a remote workforce, all in an effort to maintain business continuity, malicious cyber threats know that now is the time to take advantage of overwhelming workload.
But to counter that threat, now is a time, more than ever, in which CISOs and CEOs have to work collaboratively on understanding one another’s positions.
Cybersecurity is a Collaboration
Everyone making a decision has to be working from the same set of assumptions. You have to accept compromises and the company needs to get together through a mutual understanding.
On the one hand, a CISO can’t say no to certain requests because sometimes those requests enable productivity. But on the other hand, CEO’s need to understand that there are compromises which a CISO cannot encourage because ultimately it’s his job on the line.
It’s possible that one silver lining of conducting business now is that there can be a shared appreciation for the importance of both roles. But while we entertain the notion of a new normal in which even some amount of successful cyber-attacks are okay just as long as the consequences are minimized or mitigated, we should also realize that cybersecurity is functioning to compensate for these unprecedented conditions.
A remote workforce isn’t a new corporate approach, nor are the proximity considerations–to this far-reaching extent, perhaps. But from an industry standpoint, cybersecurity is prepared to handle our new reality, a reality in which CEOs and CISOs work together in idealizing our business model given the circumstances.
So let’s take another deep breath.
It’s going to be okay.