Mike Coogan
Senior Director, Cybersecurity
Waste Management
MODERATOR
Catharina Budiharto
Sr. Director, Cybersecurity Architect & Data Protection
Baker Hughes
PANELIST
Brad Hollingsworth
Director of Cyber Security
Mattress Firm
PANELIST
Marc Crudgington
CISO & SVP, Information Security
Woodforest National Bank
PANELIST
APRIL 2020
Houston sits directly in a hurricane path, so business continuity plans were fairly robust and enacted quickly as the COVID-19 pandemic moved to the U.S. No large-enterprise cybersecurity executives who spoke at a recent Evanta virtual town hall gathering said they were 100% prepared to function during a pandemic, but the ability to quickly pivot, take decisive action and support their teams has proved critical to keeping their business functional.
In this virtual town hall gathering of the Evanta Houston CISO community, participants discussed the resilience of their organizations in managing the crisis. To set the stage, Houston CISOs responded to a survey prior to the town hall indicating the following:
36% are continuing standard business operations at a reduced level
49% expect to return to standard business operations in less than 3 months
50% report a high or extremely high impact on their organization’s revenue
52% predict a high or extremely high impact on their organization’s budget
This panel was moderated by Mike Coogan, Senior Director of Cybersecurity at Waste Management. Coogan was joined by Catharina Budiharto, Senior Director, Cybersecurity Architect & Data Protection at Baker Hughes; Brad Hollingsworth, Director of Cyber Security at Mattress Firm; and Marc Crudgington, CISO & SVP, Information Security at Woodforest National Bank. This was a strong coalition of diverse industries, and while each security leader faced different industry challenges, they shared similar experiences in how they are continuing to elevate security during this crisis.
Immediate Pandemic Response
While some organizations had the benefit of a global workforce that could inform and jumpstart a response plan in the U.S., others were caught off-guard by the swift and extreme changes made to their business. Regardless of timing, there was consensus on the challenges and successes that have arisen in the wake of COVID-19. The general consensus is there was an immediate need to scale and secure their remote workforces, and the challenges included how to source equipment and licenses, acquiring or prioritizing communication and collaboration tools, and enabling virtual desktop solutions.
Each industry faced unique challenges and surprising opportunities. Retail saw a massive jump in large ticket e-commerce business, leading to two warehouses being retrofitted as direct-to-consumer operations. Oil and gas were already feeling the economic burn, and COVID-19 has only fed the fire. A top priority for business leaders is accelerating through the curves and looking beyond current challenges and into the future of digital business.
Executive Leadership During Crisis
Transparency and communication have been key to managing a remote workforce: virtual happy hours, weekly communications from leadership, increasing the frequency of internal meetings and general wellness check-ins have contributed to the successful management of a newly remote workforce. The rollout of collaboration tools was accelerated to ensure cross-functional communication could continue.
But how much communication is too much? When does the pursuit of knowledge sharing become information overload? The answers differed, but the advice was clear: listen to your employees and customers; they will tell you what they need. Lead with best intentions and trust your teams to work for you and with you.
Business as usual looks different in this new world, and leaders are not only shifting their communication, they are reassessing their tools, people and projects. Initial planning is coming to fruition, and recognizing the writing on the wall early has been a key indicator of success. However, information regarding COVID-19 and the worldwide impacts of the pandemic are ever-changing, so leadership teams should be constantly updating their plans.
Security and Future Planning
When supporting a remote workforce, multi-factor authentication is a must-have. Those who did not already have MFA for remote access set-up saw a massive increase in help-desk tickets for password changes and updates. Succinct training needs to be implemented quickly to ensure employees are up-to-speed on how to adjust to MFA and practice good security hygiene at home.
Cyber-attacks have not stopped, and for some organizations, they have increased in frequency. CISOs need to ensure they have the proper tools in place and are focused on heightened monitoring of the evolving threat landscape. CISOs are picking up the mantle and viewing this as a personal challenge to show the value and importance of security.
Response to this pandemic has required an all hands-on deck approach and expanding roles and responsibilities to continue business as usual.
Adjusting to this new paradigm has required changes in how to extend security to a newly remote workforce and third-party contractors. Full-tunnel VPNs have been a popular solution, but flexibility is required when employees need to access information via a remote desktop. Ongoing communication to ensure that devices remain secure and patched has been a top priority. Dealing with smart devices in the home is also an unforeseen challenge that should be accounted for when thinking about the security of your remote workers. Asynchronous work and balancing working from home with personal obligations have become the new normal. Now is the time to trust that the right people are on your teams and they will weather the storm.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.
