Today’s senior leaders in business and information technology continue to strive to remain cyber secure and resilient, and to stay several steps ahead of cybercriminals. Most Chief Information Security Officers (CISOs) have come to terms with the fact that cyberattacks have become an inevitable and undeniable truth for all enterprises at every level, size, industry, and sector.
Amid the ongoing COVID-19 pandemic, cybersecurity professionals face the additional and even more complex concerns of managing and securing a remote team’s devices and systems no matter where they are and under what conditions they operate.
According to Comparitech, ransomware attacks in 2020 cost companies an average of 16.2 days of downtime and lost time for operations, leaving SaaS CISO leaders struggling to make up for that lost time. Further, only 97% of data is recovered after a cyberattack. While some think that’s a strong number, any loss of data leaves customers and the public losing trust in a business.
North of the U.S. border, Canada has demonstrated a strong post-pandemic strategy geared toward peak resiliency. Companies that have emerged unscathed due to resiliency focused on a change of mentality. One Montreal startup called Heyday AI began offering chatbot technology to retail stores that were no longer able to communicate with their customers in person. The most successful SaaS models were those that allowed for swift and meaningful change.
CISOs and SaaS leaders who need concrete ideas for being cyber secure and resilient might explore the following four ideas.
1. Provide Adequate Funds for Cybersecurity
No enterprise can afford to take cost-saving shortcuts when it comes to cybersecurity. Business leaders can look for the best deals in the marketplace. Still, organizations must prioritize this investment since, according to Computer Weekly, the cliche holds that it’s not a matter of if a business will suffer a cyberattack; it’s a matter of when they will suffer an attack.
Further, it’s a matter of how much damage a hack could do. The article also shares that major intelligence and software organizations fall short on prioritizing and allocating sufficient budgetary resources to ensure threat prevention and mitigation.
2. Adjust Perspectives on Cybersecurity to Accommodate Remote Work Scenarios
With ongoing concerns regarding COVID-19, many employees continue working remotely and most often from home. Whether due to government mandates or personal choices, employers find this solution reasonable. However, they need to ensure security for their devices and various data, including customer, intellectual, employee, and other confidential information. Many employees use personal laptops, smartphones, tablets, printers, and other devices — a policy known as Bring Your Own Device (BYOD).
BYOD allowances and policies started long before remote work became a significant factor, long pre-dating the coronavirus pandemic. While allowing employees to use their personal devices saves the company money in hardware costs, it also leaves everyone open to potential data breaches if the devices are not properly secured. CISOs and senior leaders need to create and enforce strict data protection policies and provide adequate security measures like virtual private networks (VPNs) and network security tools.
3. Update Cybersecurity Guidelines and Provide Security Training to Team Members
Updating cybersecurity guidelines benefits everyone, from the IT team to each employee. It allows IT leaders to take a hard look at the current state of security and make adjustments before ensuring all employees are on board to help keep the computing environment safe. Employees can learn about common cybersecurity mistakes and how to avoid them in a friendly online community environment.
In a no-pressure environment, everyone feels comfortable asking questions about managing passwords, using authorized collaboration and mobile apps, storing and accessing sensitive data, and securing corporate hardware. It also gives IT insight into which employees understand the risks and which might need additional focus on collaboration to ensure everyone’s computing capabilities.
How have your SaaS CISO leaders dealt with cyber resiliency amid COVID-19 and otherwise? We would love to hear about your experience in the comments below!