Articles

How the post-pandemic world will challenge CISOs

More permanent remote workers, requirements for protecting health data, and a more dangerous threat landscape await security teams as the COVID crisis ends.

CISOs will have to manage new security challenges in a post-pandemic world. Reconfigured workplaces and employee health considerations, as well as increased threats, have been foisted on organizations just as many security workers are feeling tired and stressed out, according to experts speaking at last week’s RSA Conference.

“When COVID first hit, we jumped in like ‘we do insecurity all the time.’ We went into firefight mode, and we’re good at it, and we practice it,” Helen Patton, advisory CISO of Cisco Secure and former CISO at Ohio State University, said. “We’re hitting the cadence of this going on for so long. You can feel the stress; you can feel the overworked-ness.”

More focus on work-life balance

“We’ve been running our folks way over 100% for 18 months, and there’s no end in sight to that,” Patton continued. “I think we have to get better at planning for the unexpected, which means planning for the team so that we’re not burning them out.”

The increased workload did have some upsides, Patton said. “I do think that as a result, we saw some good things coming out of it, which is just an appreciation for that work-life balance.”

This article appeared in CSO Online. To read the rest of the article please visit here.

New FBI strategy seeks to disrupt threat actors, help…

The FBI sharpens its focus on collaboration among US and foreign government agencies and the private sector. It will act as a central hub to deal with cybersecurity threats.

Last week, the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint announcement about the potential threat that foreign-backed online journals pose in spreading misinformation ahead of the crucial 2020 US presidential election. This alert, intended to raise public awareness based on government intelligence, reflects a new strategic direction by the FBI to work with partners across the federal landscape to better protect the American public and its allies from cyber threats.

“It’s a complex threat environment where our greatest concerns involve foreign actors using global infrastructure to compromise US networks,” Tonya Ugoretz, deputy assistant director of the FBI’s Cyber Division said during a conference at Auburn University’s McCrary Institute organized to debut the Bureau’s new strategy.

Ugoretz said that among the many factors the FBI must now juggle in dealing with cyber threats are:

  • The increased attack surfaces stemming from widespread work-at-home arrangements due to the COVID-19 crisis
  • Attackers’ growing willingness to exploit the increased vulnerabilities the wider attack surface makes possible
  • The increase in availability of tools that threat actors use to launch attacks
  • Growth in the number of both criminal and nation-state threat actors.

This article appeared in CSO Online. To read the rest of the article please visit here.

CIOs say security must adapt to permanent work-from-home

Both private- and public-sector CIOs see many more employees permanently working remotely, and say security needs to adapt to new threats and how they communicate.

The entire US economy and government were forced to shut down in-person facilities and operations almost overnight in March as COVID quarantines began. The new conditions forced organizations to quickly find ways to secure tens of millions of new, vulnerable endpoints created by at-home workers. Now, six months later, technology leaders are taking stock of what happened and considering how a post-COVID landscape might look.

COVID has resulted in a lot of forward-looking changes, Jim Weaver, CIO of Washington State, said at the second day of the annual Cybersecurity Summit hosted by the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA). “COVID has been our chief innovation officer. Now as a state we’re pivoting to change our service methodologies while in the middle of a pandemic and economic downturn.” Washington was the first state with a positive COVID case on January 14.

“Governor Inslee has been a big proponent for remote work for a lot of reasons and so we did have a culture and mindset in place already enabled to support it,” Weaver said. Washington had to jump from an average of 3,000 to 4,000 remote concurrent connections to 65,000 to 70,000 almost overnight. “That went pretty flawlessly, I’m pleased to say.”

This article appeared in CSO Online. To read the rest of the article please visit here.

CISO Q&A: How AvidXchange manages COVID-related threats and risk

Like many CISOs, Christina Quaine’s team is supporting the payment processor’s work-at-home employees and managing internal pandemic-specific risks. It also helps its mid-market customers meet new security challenges.

CSO caught up with Christina Quaine, the CISO of AvidXchange, a North Carolina-based payments processor that focuses on mid-market companies. We talked to her about how this mid-sized company, with 1,400 or so employees, has dealt with the changes wrought by the COVID pandemic. Given the company’s role in financial transactions, we were particularly keen to hear how the rise in coronavirus fraud instances was affecting her job. Below is a transcript of our conversation, edited for length and clarity.

This article appeared in CSO Online. To read the rest of the article please visit here.