Cyber Continuity – Resilience in Action


Virtual Town Hall Insights

New York CISO Community

Eric Staffin

Managing Director, Chief Information Security Officer

IHS Markit

MODERATOR

Brian Lozada

CISO

HBO Max

PANELIST

Teresa Zielinski

Senior VP, Chief Information Security Officer & Product Security

GE Power

PANELIST

APRIL 2020

New York is no stranger to challenges and change. From the Great Fires to 9/11, New Yorkers have demonstrated a long history of meeting adversity with strength, courage and resilience.

Now, as the epicenter of the COVID-19 pandemic, New York finds itself, again, leading the charge. This time, the fight is to “flatten the curve” to give health care professionals more time and resources to treat the sick, as well as to create strategies and tools to gain control over the coronavirus. As the community moved its business activities from offices to homes to help slow the spread, CISOs found themselves on the front lines of the transition, implementing continuity plans and dealing with unprecedented situations. Most were prepared for shifting to remote work, but they were not ready for the size and scope of everything hitting at once.

On April 9, the CISO community, representing some of New York’s largest companies, came together at a virtual town hall to do what they do best – share and collaborate. To set the stage, New York CISOs responded to a survey prior to the gathering indicating the following: 

36% are continuing standard business operations at a reduced level, while 27% report little disruption and 14% are continuing business operations as normal

49% expect to return to standard business operations in less than 3 months and another 30% said within 3-6 months

50% report a high or extremely high impact on their organization’s revenue

52% predict a high or extremely high impact on their organization’s budget

The conversation was led by Eric Staffin from IHS Markit, Brian Lozada from HBO Max, and Teresa Zielinski from GE Power. During the town hall, they shared similar experiences and reflections on how their organizations are responding to the crisis. They also discussed the implications of what might be “the new normal” for their respective industries.

Immediate Response

When the order was given to shelter at home, speed was a top priority. Everything and everyone needed to be moved quickly and securely. During the process, security teams discovered that some solutions were not “one size fits all,” since not all hardware and software would work for everyone. This inspired creativity and flexibility in security leadership because it was imperative that everyone have the necessary tools to conduct business remotely. Normal guidelines had to be revised to include exceptions that could handle the new workarounds.

Although many organizations had tested their systems and plans for possible remote work scenarios, they did not realize how much their bandwidth would be impacted by everyone coming online at once. They weren’t prepared for how people were accessing different systems, as well as what apps they were downloading. Some of the existing tools and solutions turned out to be unreliable and were not scalable, so that forced teams to quickly pivot to new tools on the fly. Then, the next challenge was to help employees get comfortable with the new options.

One beneficial realization that came out of this experience is that after COVID-19, this new work dynamic could be sustainable. With the right planning, the feeling is that remote work is so effective, we will not be going back to the way things were.

This is the future of our workforce – remote work.

 

Executive Leadership During Crisis

Communication and connection are key. Technology, such as video conference platforms, can only go so far when trying to establish and strengthen team relationships. Leaders are finding that they need to make a human investment in addition to the hardware and software resources that make remote work possible. Therefore, new communication routines are being established.

Regardless of your industry, you are probably experiencing: 

Daily stand-up meetings and frequent well-being check-ins

Consistent and purposeful messaging

Increased transparency

There is also a growing need for balance. Especially when your professional life and your personal life are now under one roof. By encouraging employees to prioritize their physical and emotional health, as well as their cyber health, leadership can set the tone for smooth transitions during disruptive times.

Security and Future Planning

Now, more than ever, the voice of security should ring loud and clear. Employees need to know what is acceptable and what is not. They need to be shown that disruptions are taking place and that security is there to help them navigate the constantly shifting threat landscape. Teams depend on security to connect the dots that will keep them safe on both their work devices and their personal devices.

Security teams are also trying to get involved with the workflow. Keeping connected is top of mind, so collaboration channels have been created to enable easy access and communication. In addition, security teams are attempting to embed themselves remotely. It is a challenge, but out-of-the-box thinking is providing new ideas and solutions.

The attacks are ramping up, thanks to a larger remote workforce with an expanded perimeter. It’s there, it’s easy and it’s lucrative.

Thoughts From the Community

As organizations face significant financial impact as a result of the COVID-19 crisis, security executives are preparing to deal with stagnant or shrinking budgets when planning for 2021. In moving from “nice to have” to “need to have,” CISOs must prepare to arm themselves with data and statistics to effectively communicate what is critical from a risk standpoint.

CISOs can also play a big part in driving how we will work in the future. Companies are already looking to reduce their footprint in real estate. By effectively standing up remote work capabilities, CISOs give their organizations additional choices and potential cost savings. This also may help close the growing talent gap as next-gen professionals are seeking more remote work options.

Therefore, it is time for security to shift from the classic IT role to an enabler of business, as this is an opportunity for security leadership to get their well-deserved, permanent seat at the C-suite table. 


by CISOs, for CISOs


Join the conversation with peers in your local CISO community.

LEARN MORE