Driving Cyber Resilience as Security & IT Teams Shift to the New Normal
Did you know that according to a recent CyberEdge report, as of August 2020, the average remote workforce is 114% larger than it was pre-pandemic?
The need to adapt to the new normal of remote work has put the spotlight on cyber resilience as security teams work to protect their organizations from increasing and evolving cyber threats.
In November, SecurityScorecard hosted a webinar in which expert cybersecurity practitioners discussed the unique challenges they are facing, the proven best practices outlined by our 'ABC’s of Cyber Resilience' framework, and the results of CyberEdge’s report, ‘The Impact of COVID-19 on Enterprise IT Security Teams’, sponsored by SecurityScorecard.
SecurityScorecard’s Sales Enablement & Training Lead, Leon Hassid, moderated the discussion with featured guests:
- Steve Piper, Founder and CEO at CyberEdge Group
- Giovanni Massard, GRC at Cargill Group
- Nuno Teodoro, CISO at Truphone
The ABC’s of Cyber Resilience
Steve Piper began the discussion by breaking down the results of the recent CyberEdge report mentioned above, describing the conditions that make the components of SecurityScorecard’s proven ABC’s framework essential to security professionals.
In addition to the increase in work from home, “many employees are using unmanaged devices,” said Piper. “We also saw an explosion in bring-your-own-device (BYOD) adoptions. That’s going to be setting the stage for some of the challenges that security professionals are seeing during the pandemic.”
Assessment of internal and external risk
Both the CyberEdge report and our poll of webinar participants found an increase in cyber threats and security incidents to be the top challenge that security and IT teams are currently facing.
Cargill responded to the crisis by performing risk assessments on critical vendors whose security and viability may have been adversely impacted by the pandemic. The company issued letters of understanding to ensure that expectations related to the handling of Cargill’s data are still understood and met by its suppliers.
“We also started running SecurityScorecard reports to see how third-parties were trending, and providing that information to higher levels of management at Cargill,” Massard said.
Business process automation
Cybersecurity is not only an IT concern, but a business concern as well. Automating key third-party risk management activities helps security teams manage remote operating models and dynamic supply chains, which supports business continuity.
“Our mobile recording space increased by 300-400% during the pandemic crisis, and we needed an automated way to scale our infrastructure to support our customers,” said Teodoro, who relies on the output of automated security alerts to safely scale Truphone’s operations and ensure continuity.
“Instead of having two or three engineers scale our infrastructure, we automate it,” he said.
Continuous management of third parties at scale
With over 2,000 third parties to monitor, scalability is essential to Cargill’s ability to monitor the cybersecurity performance of its suppliers. Previously, Massard’s GRC team managed third-party risk manually for the duration of the engagements. With security ratings, these activities are now automatic and scalable, and ownership of vendor relationships is given to the appropriate business units, with the GRC team stepping in when security assessments need to be performed.
Teodoro described how security ratings help Truphone manage third-party risk among suppliers that enable the company’s essential business operations.
“SecurityScorecard had a very critical role here in terms of providing some output for us to fine tune our business continuity management program against those critical services. This allowed us to engage in more fruitful conversations with those suppliers.”
Participants in the CyberEdge survey were asked which technologies they were acquiring this year—specifically to address new challenges stemming from COVID-19.
“The top three were cloud, cloud, cloud,” said Piper. “Investing in cloud security is smart from a lot of different perspectives.”
To get the most out of their technology investments, security teams need all components of their technology stack to communicate with one another, so they can gain a unified view of both on-premises and cloud security.
“We have all of the security technologies, I would say 70% cloud based, and everything is integrated,” said Teodoro. “Without these integrations, we would need ten times the number of people on the team, and we would be much less efficient than we are today.”
The panel closed the discussion with a final thought on cyber resilience. For Teodoro, adapting to the new way of working and keeping his team close and engaged has been key, while Massard stressed the importance of actionable data in taking proactive measures to prepare for future cyber incidents.