We’re all still living through the personal and professional impact that the COVID-19 pandemic has had. Lives have changed and the world of office-based workers have changed with them. Business leaders needed to adapt, with technological enablement and digital transformation plans accelerated or in some cases, introduced for the first time. But one of the biggest changes we couldn’t have predicted was the changing role of the CISO, which was dramatically put into the spotlight 18 months ago and has helped to enable innovation.
Emergence of the ‘Unbound Enterprise’
Prior to 2020, digital transformation was slowly and steadily transforming the workplace. Workers were increasingly operating from a number of different locations, accessing data and system through various devices and using cloud-based applications that IT departments had little to no visibility over.
These factors which had been reshaping the traditional workplace model were thrown into sharp focus when governments around the world announced restrictions. We call this the ‘Unbound Enterprise’, and for CISOs, it has meant a very real shift in roles and responsibilities. To understand how leading organisations and their business and technology leaders have, and will address our changing workplace in the future, Forcepoint commissioned a study from WSJ Intelligence. The findings indicated that now is the time for CISOs worldwide to reassess their positions and make some key changes in order that their companies stay protected, productive and innovative.
1. Cyber security now plays an integral role in the boardroom
In the last 18 months, network boundaries have truly dissolved. Cyber security is no longer just an IT issue, but the business driver and innovator within the enterprise.
According our WSJ Intelligence/Forcepoint study, COVID-19 significantly changed how cyber security is perceived in the boardroom, with 74% of business leaders stating they have reallocated funds to cyber security programmes during the pandemic. In addition, 53% have recognised the need for more tightly integrated cyber security capabilities across traditional product boundaries.
It’s also clear that leaders now see cyber security as the key to innovation, rapid digital transformation, and competitive advantage. In fact, the research highlights how the CEO has finally taken it seriously, with a third (33%) of CEOs now making it an ongoing discussion with the C-suite, compared to a quarter of CISOs who were already discussing it.
Over half (54%) of CEOs also stated that cyber security now contributes to an accelerated pace of digital transformation, compared to 45% of CISOs. When it comes to budgets, 42% of CEOs have re-allocated financial resources to adapt to cloud-based systems as a result of the pandemic, compared to 34% of CISOs doing the same (perhaps the CISOs were already on that path?).
These findings point to much more than a temporary blip in behaviour. They paint the story of a major shift in attitude towards security practices. For the CISO, this means cyber security finally has a seat in the boardroom.
How to empower your chief information security officer (CISO)
2. Protecting the distributed workforce has become the top priority
With digital transformation already in focus for many businesses, adding a now distributed workforce on top of this scenario ratchets up the security challenge. One in five CEOs and CISOs saw a major increase in all types of cyber attacks since COVID-19, with supply chain attacks topping the table side by side with ransomware.
The COVID-19 pandemic forced organisations to make a choice when managing the distributed workforce – apply restrictive policies that mitigate risk, which inhibits productivity, or allow minimal policy enforcement to enable productivity.
The key here is to enable and drive businesses, rather than impede them. By moving to support remote workers by adjusting policies and controls discreetly, businesses can enable teams to work better in their own role in their own job. This means allowing them to access data from anywhere while providing better visibility 24/7, enabling more proactive alerts and controls. In fact, 58% of CEOs and CISOs have recognised the need for a more integrated trust framework, with 48% also substantially increasing the use of cloud-based cyber security systems.
In the future, the workforce will have even more autonomy within the decentralised cultures that develop as business leaders find new ways to drive collaboration and creativity. For the CISO, this means continuous adapting to an evolving workplace.
3. Increased investment in SASE and Zero Trust
As the landscape continues to shift, CEOs and CISOs are investing in Secure Access Service Edge (SASE) and Zero Trust more than ever. These approaches to networking and cyber security architecture provide uniform connectivity, protection everywhere so that people can work anywhere, and identity verification and explicit permission for every user.
According to the WSJ Intelligence and Forcepoint research, 90% of CEOS have either already adopted SASE (43%) or are currently evaluating SASE with a view to adopt (47%). In addition, 38% have accelerated their adoption of Zero Trust architectures.
The research lays out a path for others to follow and indicates that effective cyber risk management programs will involve the convergence of multiple capabilities: cloud security, endpoint controls and user activity monitoring. To really capitalise on a SASE architecture, we believe data must be put first. Data-first SASE not only provides uniform connectivity and protection everywhere, but also gives leaders control over how data is used – even after it’s downloaded.
For CISOs, it’s time to embrace this and take a fresh look at cyber security, which means adopting new security frameworks that have the agility to evolve alongside the business.
The biggest post-pandemic cyber security trends
Changing role of the CISO
The role of the CISO has changed dramatically these last 18 months. It’s taken a global pandemic for business leaders to realise the importance of cyber security and finally cement its role in the boardroom.
It’s crucial that CISOs take control of this role within their organisations to affect lasting change by focusing on their role as enablers. This requires new tools as well as deeper collaboration between IT professionals and the business. It will mean shifting away from point solutions to build an integrated security framework with the agility to adapt to a continuously evolving environment now and in the future.