Cyber Continuity - Resilience in Action

Virtual Town Hall Insights 
Boston CISO Community

Kevin Brown

Vice President & Chief Information Security Officer

Boston Scientific

MODERATOR

Ravi Thatavarthy

VP & CISO

BJ's

PANELIST

Esmond Kane

CISO

Steward Health Care

PANELIST

APRIL 2020

CISOs representing a portion of Boston’s largest companies met virtually to discuss business continuity amidst the unprecedented challenges of COVID-19. While Boston residents have been working from home for weeks, at the time of the town hall on April 1, Boston was not considered a coronavirus hotspot. Massachusetts state authorities predict a surge in cases in mid-April, inevitably creating stress for the health care system.

In this virtual gathering, participants discussed the resilience of their organizations in managing the crisis. To set the stage, Boston CISOs responded to a survey prior to the town hall indicating the following:

36% are continuing standard business operations at a reduced level, while 27% report little disruption and 23% are continuing business operations as normal.

60% expect to return to standard business operations in less than 3 months and another 27% said within 3-6 months. 

60% report a high or extremely high impact on their organization’s revenue.

67% predict a high or extremely high impact on their organization’s budget.

The discussion was led by Kevin Brown from Boston Scientific, Ravi Thatavarthy from BJ’s Wholesale, and Esmond Kane from Steward Health Care. They represent different sectors and discuss the implications for their respective manufacturing, retail and healthcare industries. They shared some similar experiences and reflections on how their organizations are responding to the coronavirus crisis.

Securing the remote workforce

Most CISOs’ organizations had some ability to work remotely in place already, but none had a 100% remote workforce, much less one that had to be implemented on short notice. All reported that they had to immediately and broadly scale up their remote workforces. Challenges included how to source equipment and licenses, acquiring or prioritizing communication and collaboration tools, ensuring security for cloud applications, and enabling virtual desktop solutions.

A lot of digital transformation initiatives had moved company solutions to the cloud already. But the usage of VPN was becoming less important until the coronavirus situation forced them to scale up on it. Workers that hadn’t previously needed laptops before, now needed equipment. Executives also hadn’t predicted which employees might have personal devices they could use at home in an emergency versus those who would not.

Each industry faces unique challenges, as well. In health care, they have additional requirements for maintaining patient confidentiality with a remote workforce and in transitioning to telehealth options. In retail, they are managing an extraordinary surge in demand and traffic during consumer “stockpiling,” along with new requirements around cleanliness and social distancing. For manufacturers, they are answering the question – what if all employees can’t be remote? How can we shift work to keep employees safe and productive?

Don’t waste the crisis when it comes to accelerating digital transformation.

 

Communicating and staying connected

Executive communications have become extremely important over the past few weeks – both within the executive team and with teams and employees. For executive teams, many have an emergency response team set up along with daily standup meetings. Tools like Zoom and Microsoft Teams have been invaluable for communicating and collaborating. Some organizations have ramped up employee communications around remote work and cyber security, using education as one of their best defenses against phishing and other cyber threats. 

Across the board, executives are thinking about how being 100% remote creates a new organizational culture requiring leaders to:

  • Be flexible and adaptable, especially around families, kids, and pets that now populate the home workspace
  • Boost morale and create team-building exercises and happy hours over virtual meetings
  • Conduct more frequent, company-wide virtual town halls
  • Check in with teams informally and regularly
  • Share kudos and acknowledge the hard work and extra hours that have gone into their teams’ response to the crisis

Planning for next steps

It’s hard to see a return to normal business operations when the health crisis hasn’t peaked in the region. Unless an initiative is related to the coronavirus emergency response, it has to be placed on the backburner. Some businesses were anticipating a recession in 2020 already; now, CISOs are all thinking about the budget impacts of the measures that business continuity required. The COVID-19 responses have basically wreaked havoc on the plans that were in place for 2020.

In addition, cyber threats have not taken a break; in fact, they have escalated during a perfect storm for cyber criminals. However, CISOs also view this as an opportunity to show their organizations the value and importance of security.

As leaders in their organizations, they are also thinking about the long-term effects of remote work on recruiting and culture, what their approach is to a zero trust security posture, and how they will manage business continuity planning now that they have seen a bigger disruption than could have been imagined.

Thoughts from the community

The discussion about business continuity planning included a question about whether anyone had a pandemic on their radar. CISOs and their teams had planned for Boston snowstorms, a recession, or a manufacturing plant going down – but nobody expected something on this scale. 

Several executives noted that continuity planning often involves a scenario in which one factory or one location is out of commission, not all locations and all employees globally. The extreme snowstorms of a few years ago in Boston created a somewhat similar situation in which people couldn’t get to work, but continuity planning can rarely account for all the pieces of the puzzle that are occurring with COVID-19. 

In terms of how the CISOs are rating their organizations' responses, the consensus was they are doing okay, learning which areas need improvement, and adapting to a huge cultural shift taking place under their feet.

 

by CISOs, for CISOs

Join the conversation with peers in your local CISO community.

LEARN MORE

Suggested content

SESSION PREVIEW | MAY 14, 2024
SESSION PREVIEW | MAY 14, 2024

AI/ML and Zero Trust — Driving Business Success

As cyber threats become more sophisticated and pervasive, enterprises need to adopt an agile approach to network and security that promotes innovation and mitigates risk. At the upcoming San Francisco CISO Executive Summit, CEO, Chairman and Founder Jay Chaudhry of Zscaler, Inc., will discuss how AI/ML and zero trust are key enablers of this transformation – here’s a preview.
BLOG | MAY 8, 2024
BLOG | MAY 8, 2024

7 Sessions to Check Out at Upcoming CISO Summits

Evanta is about to launch a series of regional Executive Summits for our CISO communities, where security executives will gather across 22 cities to network, share and learn from each other. Here is a preview of 7 sessions to check out at upcoming CISO Executive Summits.
SESSION PREVIEW | MAY 5, 2024
SESSION PREVIEW | MAY 5, 2024

From Z to A - Extending Zero Trust to APIs

As more organizations adopt a Zero Trust architecture, some overlook the increased prevalence of API-based access to sensitive application functionality and data. At the upcoming New York CISO Executive Summit, Steve Winterfeld, Advisory CISO at Akamai, will discuss API strategies to ensure security from the network layer to the application layer – here’s a preview.
VIEW MORE CISO CONTENT