Mark Eggleston
VP, CISO & CPO
Health Partners Plans
MODERATOR
Stephen Hendrie
Senior Director & Chief Information Security Officer
Hershey's
PANELIST
Jay Weinstein
Senior Director Enterprise Networks & Security, CISO
L3Harris
PANELIST
Chris Wolfe
Security Architect
Main Line Health
PANELIST
May 2020
COVID-19 has been an undeniable catalyst for digital transformation, and the resulting changes to account for a distributed workforce have advanced that initiative by several years in the span of just a few weeks. Many organizations already had remote work capabilities and were in a position to secure a largely remote workforce, but securing this initiative on short notice did provide some challenges to overcome.
In the May Philadelphia CISO Town Hall, security leaders in the area discussed their efforts to secure remote workers and navigate partnerships with their vendors, and considered what the future of remote work and talent recruitment will be.
To set the stage for the conversation, C-suite leaders across North America participated in a survey indicating the following:
51% are continuing standard business operations at a reduced or severely restricted level
33% expect to return to standard business operations in 6-12 months
61% predict disruption in new projects and ventures
61% expect a moderate to significant decrease in revenue
This panel was moderated by Mark Eggleston, VP, CISO & CPO, Health Partners Plans. Eggleston was joined by Jay Weinstein, senior director enterprise networks & security, CISO at L3Harris; Stephen Hendrie, senior director & chief information security officer at Hershey's; and Chris Wolfe, security architect at Main Line Health.
Accelerating and Securing Digital Transformation
It’s safe to say that digital transformation has been the buzzword of the last decade in IT and cybersecurity. COVID-19 has posed a unique opportunity, out of necessity, to accelerate the rate of transformation. Many organizations had capabilities for remote work, but the biggest initiative in the wake of the stay-at-home orders was scaling those processes and securing bandwidth and equipment.
With evolving needs for equipment and adjustments for new technology, it quickly became apparent to CISOs who their vendors were, and who their partners were. The distinction between the two lies in the ability to work to meet the needs of the business on an ongoing basis. As cybersecurity leaders are moving from enabling secure remote work to stabilizing and optimizing for the long term, these partnerships are increasing in importance, and vendors will be replaced with partners.
The Future of Remote Work and Recruitment
While many organizations have had to implement a hiring freeze, cybersecurity positions are often still being recruited for and filled. Many organizations are located in areas where it can be difficult to recruit talent; thus, the possibility of ongoing remote work is well-suited to solve this problem. Training and onboarding remotely pose operational challenges, and the onboarding process will need to be adjusted to accommodate the virtual environment.
Given that many organizations are recruiting for cybersecurity positions, the possibility of losing talent to other offers is a real challenge that could result in a higher cost of retaining talent if offers need to be matched to mitigate turnover. Since cybersecurity talent is not always located where demand exists, the possibility of a future of full-time remote work is opening opportunities for hiring to fill the talent gap.
Threat Landscape — People, Processes, and Technology
The initial stages of the COVID-19 outbreak were accompanied by increased phishing incidents that preyed upon the uncertainty of the pandemic. Security awareness training and ongoing communication throughout the organization are essential now that remote work has been fully implemented.
The effects of increased remote work on the technology supply chain have largely been mitigated by this time, but there are now more personal devices being used that need to be secured. Now is the time to revisit compliance initiatives to ensure that endpoints are secured and personal devices are patched. Paying attention to the third-party and supply chain ecosystem for threats is also imperative, as impacts to those areas can be as detrimental as impacts directly to the organization.
Thoughts From the Community
“Digital transformation” may have been the trending phrase of the last decade, but “new normal” is the phrase of the current decade. COVID-19 has forced a new framework for business operations that will last for years to come. The ability for organizations to adapt and remain productive in disruptive times cannot be overstated. Cybersecurity and IT have played a critical role in enabling the business to shift to this new operating model.
Collaboration tools and using personal devices have become cultural norms in a short amount of time. Once the immediate security needs of adjusting to remote work were addressed, CISOs were able to focus on enabling the businesses’ rapid digital transformation. Since this initiative was already in place, now is an opportune time to centralize operations and continue to support these necessary transitions.
Organizations are evaluating whether they will adopt a permanent remote work policy and what the future will look like. As playbooks are iterated, it is crucial that cybersecurity leaders continue to partner with the business to determine what is feasible and sustainable.