When we set out to write this issue of the magazine, our main goal was to understand the lessons learned from 2020 from the perspective of our CISO community. To no surprise, almost every CISO we spoke with this year since COVID started told us their biggest challenge was managing the newly remote workforce. Many of them said their now almost 100% remote workforce was unprecedented, with some feeling prepared while many scrambled to adjust.
Scalability was one of the biggest concerns, with CISOs rapidly creating more robust remote infrastructures. Capacity upgrades with additional VPNs were crucial to support employees now working from home. With intrusion prevention and the detection of potential DDoS attacks top of mind, security teams ensured the home networks of their employees were secure and stable.
Developing new security controls around a more secure remote infrastructure was an additional layer of work that required extensive amounts of time for some security teams.
One of the most important elements in undergoing a rapid transition to a secure remote workforce is establishing a strong strategy to support the business and adhere to security protocols. We spoke with many CISOs who felt their organization had a strong foundation already in place, resulting in a steadfast plan of action.
Among organizations that were already 100% cloud-based, many said there were some concerns around scalability, but overall they were already prepared for an entirely remote workforce. These CISOs had an advantage, and many of their peers relied on them for advice.
FOCUS ON EDUCATION
Educating the entire workforce was something almost every CISO we spoke with said they had to focus on more than ever before. Many employees had not used remote technologies before or had limited knowledge of or practice with multi-factor authentication. CISOs had to come up with training and education plans to communicate with every employee and make sure they were given adequate instruction on making these technical adjustments. Many CISOs already had security awareness and training programs in place, but had to shift to education topics that were more relevant to their workforces during COVID.
Not only did the non-security or non-IT employees require training, but many security teams also had to ramp up their own staff trainings. These trainings included cloud, mobility management, and remote connectivity tools, among others, to help support their new strategies and focus areas.
We have included some trending stats collected through the multitude of CISO interviews we conducted this year.