The response to the coronavirus pandemic has forced fundamental changes in our personal and professional lives. Ways of working have transformed quickly to maintain business operations through the crisis, and many organisations have adapted their operational priorities. This has put pressure on existing systems, accelerated delivery of planned systems and quickened procurement of new capabilities. All this is happening while on a crisis footing, forcing leaders to take risky decisions at pace.
This crisis response is changing the threat landscape of your organisation. The UK National Cyber Security Centre and US Department for Homeland Security report that, although there hasn’t been a significant increase in cybercrime, criminals are increasingly exploiting COVID-19 with incredibly effective techniques. To manage such new risks, you need to implement new controls and training, procure and integrate new systems securely, and adapt existing processes, such as incident response, to suit a largely remote workforce.
These are substantial actions that need to happen quickly, but there are steps CISOs can take to ensure their organisations emerge from this crisis with improved cyber security, ready to excel in the new reality.
We’ve used our extensive cyber security experience, such as helping T. Rowe Price prepare for times of crisis by safeguarding $1 trillion in assets, to create a comprehensive self-assessment that will help you ensure your cyber security is still robust. It considers the whole lifecycle of the crisis response, from the immediate reaction, through improving the integration of information security across your organisation, to identifying and pursuing the opportunities that emerge.
Below, we outline the seven phases of crisis response CISOs need to manage through. For a detailed version of the self-assessment or support managing your cyber security response to COVID-19, get in touch with our digital trust & cyber security team.
This isn’t a cyber-centric crisis, but CISOs have a vital role to play in limiting and managing risk from the start. In the first phase, you need to know your role, influence decision-making where you can and capture risks to deal with later where you can’t.
In the second phase, your focus will need to shift to securing systems that enable remote working, such as Cloud productivity services, VPNs and conferencing technologies.
With most people working from home, there are new challenges in ensuring we all work securely. In the third phase, you’ll need to provide training and communications to help people do their part in protecting your organisation.
Information security incidents will happen. So, in phase four, explore whether your new ways of working mean you need to redesign your processes and rehearse them to ensure your organisation is ready to respond.
Given the pace of change, phase five will require you to review your risks and information security policies, and proactively manage them. Capture any new good practices and prepare for the future.
Before COVID-19, you’ll have had plans for various cyber transformation programmes. It’s important not to let them fall into irrelevance. So, in phase six, assess and reprioritise existing programmes to make them relevant to your new operational priorities, risk posture and budget. Done right, this will help your business adapt quickly to the post-crisis future.
This crisis will end, but we’ll never return to things as they were. So, learn from the changes we’re forced to make and identify opportunities to shape future operational priorities by looking at what’s worked well through this crisis.
Our self-assessment guides you in creating an immediate actionable plan. It also gives the scope to build a longer-term recovery plan and, eventually, a full cyber transformation programme to support your organisation’s new reality. For a detailed version of the self-assessment or support managing your cyber security response to COVID-19, get in touch using the details below.
By following through on the seven phases, your organisation will emerge from this crisis stronger than it was before. It will have better technology, better integrated security, a cyber-savvy workforce and an improved reputation as a trusted organisation.