5th e-Crime and Cybersecurity Nordics
20th May 2021 • Online
Re-structuring enterprise security: new problems, new priorities
Workplace and business model changes now dictate CISOs' plans. How can they regain control?
For years, CISOs have wished that the Board and the business paid more attention to cybersecurity.
In reality, it often took a breach to focus firms on security, and for many it has taken the pandemic, and the sudden need for digital transformation that it creates, to truly reveal the extent of the security threat.
But this sudden push for ‘e-Everything’ may not deliver quite the focus on security cybersecurity professionals want from their companies.
Certainly, security will get tougher: organisations are expanding their attack surfaces, and becoming ever more dependent on digital interfaces and processes for their core business and other activities. They are also more reliant on digitally exposed third-parties, and now must worry about their suppliers of security software.
But just as importantly, the business need to roll out these new digital products, services, support and logistics services, in some ways puts control of the security process outside the CISO’s domain: if it was hard to get the business to build security in before, it will be much harder now.
So, what does this mean in practice and what can CISOs do about it?
Business demands for new functionality immediately mean a sudden jump in Cloud and SaaS applications, not necessarily bought with the CISO’s say-so or even knowledge. New e-Commerce and payment platforms suddenly appear, along with new marketing websites. Mobile apps are bought in from third-parties; or perhaps a small department responsible for some small proprietary coding projects suddenly become the app development team – and now reports to the CIO and the business heads. The ideals of SecDevOps take a back seat to getting products up and running as fast as possible.
And all of this is still being done mostly by remote CISOs running remote teams, by SOCs overloaded with alerts and with the SolarWinds hack reminding them that the enemy could be their own security stack.
So how can CISOs maintain acceptable levels of cybersecurity in this environment? What are the priorities and what is just nice-to-have?
The 5th e-Crime & Cybersecurity Congress Nordics will take place online and will look at how cybersecurity teams are tackling the new normal. Join us for real-life case studies and in-depth technical sessions from the security and privacy teams behind some of the world’s most admired brands.