Shawn Bowen
CISO
Restaurant Brands International
MODERATOR
Magnus Carling
CISO
Stena
PANELIST
Jarkko Rautula
CISO
Ingka Group
PANELIST
Per Thorsheim
CSO
Nordic Choice Hotels
PANELIST
June 2020
Looking back to the beginning of 2020, few people could have predicted the huge shifts that would drastically transform our lives, both personally and professionally.
As organisations are forced to think outside of the box to keep things running as smoothly as possible during the COVID-19 pandemic, they are discovering hidden strengths and a surprising resiliency in their strategies and in their teams. And, perhaps for the first time, they are making security a priority.
CISOs are now finding themselves on the front lines of this transition, introducing new business systems and solutions, as well as dealing with unprecedented situations, which includes the need for speed. Things are moving so quickly that security professionals say they are accepting risks that they would have never accepted before, but they must do so now to survive.
On 16 June, the Nordic CISO community came together at a virtual town hall to do what they do best – share and collaborate. To set the stage, EMEA’s CISOs responded to a survey prior to the gathering indicating the following:
55% reported little disruption or they are continuing business operations as normal
40% expect to return to standard business operations within six months
30% report a high or extremely high impact on organisation’s revenue
27% predict a high or extremely high impact on their organisation’s budget
Shawn Bowen, CISO, Restaurant Brands International, Magnus Carling, CISO, Stena, Jarkko Rautula, CISO, Ingka Group, and Per Thorsheim, CSO, Nordic Choice Hotels led the peer conversation. During the town hall, they shared experiences and reflections on how their organisations are responding to these rapidly changing times. They also discussed the implications of what might be “the next normal” for their respective industries.
Aligning the Value of Security with the Business
One question that the security community is asking itself is, “Were we correctly invested in security before COVID-19?” The answer is, “Probably not.”
Many industries are seeing an increase in e-commerce, which has raised awareness of the importance of being as cyber safe as possible. Since digital infrastructure is heavily relied upon, security leaders feel that it is wise to increase their investments in security, rather than decrease those budget allocations.
Although many organisations have put their hiring plans on hold and some projects have been pushed back to 2021 or later, there have been growing opportunities to expand their digital footprint, especially to keep up with competitors. Therefore, security has been asked to partner with the business to help safely and securely generate revenue to ensure that companies can survive the financial crisis, as well as the health crisis.
The value of security is hard to measure – until something happens.
The Power of Data and Analytics
Data and analytics are an invaluable part of your cyber toolkit when reporting how security is impacting the organisation’s bottom line. Information sharing is an important aspect of the creation of your data story. Security professionals should rely on statistics and examples from other countries, industries and companies to help convey critical security points to the business.
For example, regardless of your industry, you are probably experiencing:
- An increasing number of cyberattacks
- The need for more security awareness training
- Internal and external audits that are now more focused on security
- The tightening of security budgets
This crisis has taught us all that the bad guys won’t stop. Furthermore, they will go for the weakest ones first. To date, there are more than 65,000 domains related to COVID-19 that have been in the firing line for phishing attempts and that number is growing. But, by having the proper training, solutions and strategies in place, security can help decrease risk by blocking these cyber attacks. This helps the business not lose money, which also impacts the company’s bottom line.
Keeping Connected and Engaged
Increased communication is key when creating an engaged and productive work environment. An effort needs to be made to ensure both introverts and extroverts are happy in this new space since everyone has different needs.
To help achieve this goal, teams have been holding weekly meetings, hosting fun social activities such as online Bingo and Kahoot quizzes, as well as encouraging employees to call at least one colleague per day to check-in, connect and communicate.
Security training is also important, especially during the pandemic. This keeps teams engaged while sharpening their skills and broadening their knowledge base.
Learning and sharing is the best way we can tackle the current situation.
Thoughts From the Community
When asked if CISOs are becoming more collaborative as a result of the COVID-19 crisis, the panelists responded that the profession has been moving toward that objective for a while now. In fact, the group stressed that it should be a top priority for industry colleagues to freely exchange information. By sharing openly with others and providing continuous education, you equip everyone to be able to fight cyber criminals together.
Although many organisations are adjusting well to the changes caused by the pandemic, there are still consequences of the crisis that have not hit yet. The community agreed that they need to prepare for that impact and be ready to pivot once again. Happily, we have already learned a great deal from the first waves of disruption.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.
