What Kind of Cybersecurity Leader Are You?
Today we see a shift due to COVID-19, which has led to more remote users requiring access to more business resources. Video conferencing is clogging up networks. Servers are straining under the volume of remote requests all coming in at the same time. As a result, cloud transformation projects are being accelerated to meet these capacity needs. I suspect that in some cases, GDPR policies are being broken, as access requirements to data are having to change on a dime to ensure the business continues to function.
When eventually the crisis subsides, the new norm for work, I believe, will likely be a hybrid of the remote worker and the way office life was prior to COVID-19. Hopefully, we will maintain the better parts of the work-life balance that technology enables and circumstances have temporarily enforced.
As such, my prediction is that the long-term business digital risk profile will look different. This means that what we do now during the current crisis can and should be the foundations for the longer-term cybersecurity strategy of the business. But we must be agile and adaptable. Change happens in challenging times. There’s often a common sense, business-like status quo – and crisis challenges it. We typically only make seismic shifts when they are forced upon us.
As leaders in the digital space, we are used to dealing with both binary zeros and ones and shades of infinity. The current moment is binary. You’re either a CSO who is prepared for a crisis and uses it as an opportunity to shine, or you’re not up to the challenge. If you’re shining, you’re ready to move your own department’s agenda forward to better secure the business, which means quickly adapting and shifting to address short-term business needs, but also ensuring that what you do has longer term value, so you don’t lose sight of the longer term strategy.
Some years ago, I did some psychology training around what is known as provocative therapy. Its goal is to challenge the stuck state we all so easily fall into. This can be rooted in phobias, fears or simply our perceptions of what is normal. If you haven’t explored this, it’s good people skills development.
Find the time to have a team call and challenge your own team on what the future will look like. Are they in a stuck state? Do they need prodding to change their beliefs? If they are telling you things will go back to how they were before, you need to provoke them some more. Quite simply, I would challenge them with the idea that there is no going back – that is part of digital evolution, how societal situations shift our perceptions and therefore the realities behind them. Remember, everyone on your team is an ambassador of how cybersecurity empowers the business.
Work with your team to ensure you’re moving forward, rather than failing to address the current changes. It really is that binary. Ask yourself which kind of CSO you are and what you are doing to prove that to the business teams you work with and support.
Always have your wishlist ready to go. Consider how it aligns to your organization’s goals, both short-term and long-term. Look for signs of shifting priorities. A crisis is one clear example of this.
When crises occur, consider how you identify the changes they bring to your organization’s risk profile. What are the timescales in which the business demands this insight?
As you go through any crisis, take time to consider the lessons learned. How do you apply this to your longer-term strategy?
Look out for the seismic shift. We are in one now, and I’m sure it won’t be the last. However, I really hope future shifts aren’t as negatively impactful on society. When seismic shifts happen, ensure you are ready to step up. Adapt, but also be prepared for the long-tail changes these shifts bring to how we work digitally so you can get ahead of the business risks.
Use this as a time to gather your own team and challenge their perceptions and beliefs. Spend some time helping them consider how this impacts their roles and the business around them.