Being Cyber Secure & Resilient for SaaS CISO Leaders - Ascent Conference

Being Cyber Secure & Resilient for SaaS CISO Leaders

Today’s senior leaders in business and information technology continue to strive to remain cyber secure and resilient to stay several steps ahead of cybercriminals. Most Chief Information Security Officers (CISOs) have come to terms with the fact that cyberattacks have become an inevitable and undeniable truth for all enterprises at every level, size, industry, and sector.

Amid the ongoing COVID-19 pandemic, cybersecurity professionals face the additional and even more complex concerns of managing and securing a remote team’s devices and systems no matter where they are and under what conditions they operate.

According to Comparitech, ransomware attacks in 2020 cost companies an average of 16.2 days of downtime and lost time for operations, leaving SaaS CISO leaders struggling to make up for that lost time. Further, only 97% of data is recovered after a cyberattack. While some think that’s a strong number, any loss of data costs a business the trust of its customers and the public.

North of the U.S. border, Canada has demonstrated a strong post-pandemic strategy geared toward peak resiliency. Companies that have emerged unscathed due to resiliency focused on a change of mentality. One Montreal startup called Heyday AI began offering chatbot technology to retail stores that were no longer able to communicate with their customers in person. The most successful SaaS models were those that allowed for swift and meaningful change.

CISOs and SaaS leaders who need concrete ideas for being cyber secure and resilient might explore the following four ideas.

1. Provide Adequate Funds for Cybersecurity

No enterprise can afford to take cost-saving shortcuts when it comes to cybersecurity. Business leaders can look for the best deals in the marketplace. Still, organizations must prioritize this investment since, according to Computer Weekly, the cliche holds that it’s not a matter of if a business will suffer a cyberattack; it’s a matter of when they will suffer an attack.

Further, it’s a matter of how much damage a hack could do. The article also shares that major intelligence and software organizations fall short on prioritizing and allocating sufficient budgetary resources to ensure threat prevention and mitigation.

2. Adjust Perspectives on Cybersecurity to Accommodate Remote Work Scenarios

With ongoing concerns regarding COVID-19, many employees continue working remotely and most often from home. Whether due to government mandates or personal choices, employers find this solution reasonable. However, they need to ensure security for their devices and various data, including customer, intellectual, employee, and other confidential information. Many employees use personal laptops, smartphones, tablets, printers, and other devices — a policy known as Bring Your Own Device (BYOD).

BYOD allowances and policies started long before remote work became a significant factor, long pre-dating the coronavirus pandemic. Allowing employees to use their personal devices saves the company money in hardware costs, but it also leaves everyone open to potential data breaches if the devices are not properly secured. CISOs and senior leaders need to create and enforce strict data protection policies and provide adequate security measures like virtual private networks (VPNs) and network security tools.

3. Update Cybersecurity Guidelines and Provide Security Training to Team Members

Updating cybersecurity guidelines benefits everyone, from the IT team to each employee. It allows IT leaders to take a hard look at the current state of security and make adjustments before ensuring all employees are on board to help keep the computing environment safe. Employees can learn about common cybersecurity mistakes and how to avoid them in a friendly online community environment.

In a no-pressure environment, everyone feels comfortable asking questions about managing passwords, using authorized collaboration and mobile apps, storing and accessing sensitive data, and securing corporate hardware. It also gives IT insight into which employees understand the risks and which might need additional focus on collaboration to ensure everyone’s computing capabilities.

How have your SaaS CISO leaders dealt with cyber resiliency amid COVID-19 and otherwise? We would love to hear about your experience in the comments below!
