The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.

Ran Shahor, CEO at HolistiCyber

June 22, 2020

4 Min Read

Experts have written much in the last couple of months about COVID-19 and its impact on cybersecurity. From ensuring colleagues can work from home securely to defending geopolitically fueled cyber exchanges, dealing with COVID-19 has dominated the consciousness of the cybersecurity industry. 

All of this is important to deal with but is largely reactionary — that is, the issue is in front of us today. But what about the long-term view? Is it time to think about what COVID-19 means for cyber in the years to come?

I believe the answer is "yes" — but not in the way you might expect. In my mind, the long-term view of cybersecurity can be boiled down into a single word:  flexibility.

The Big Picture: Cyber Defense Is One Piece of the Puzzle
Let's take a step back from cyber and look at the world around us. COVID-19 is changing the way in which we do business and the way in which we live our lives. It is affecting the way we interact with the environment and with each other. For example, in our day-to-day lives, we have seen cash transactions disappear while online deliveries are booming. Even when shops open, they are set to be little more than window dressing, while restaurants have become well-appointed delivery kitchens. Transportation may never be the same again. Entertainment and sports are now consumed digitally almost exclusively.

From a business perspective, this means some industries are struggling and may even disappear, while entire new sectors are being created from scratch. Offices are closing, in some cases permanently, while IT departments scramble to transition their centralized key assets to a more accessible cloud delivery model. Communication and teamwork now require a completely new set of skills and technologies. In terms of the workforce, record levels of government intervention and furlough schemes have shifted the fabric of society beneath our feet.

A Unique Opportunity
For those of us in cybersecurity, this maelstrom of change presents a unique opportunity to tear up the "security-as-a-blocker" stigma, and instead become enablers. The world has been hit with an evolutionary event — and if we think about businesses it is no longer survival of the fittest, but survival of those who can adapt the fastest — and also the most securely.

When a company is facing existential decisions over its business model to adapt to a post-COVID world, cybersecurity should not — indeed cannot —afford to get in the way. Instead, we need to ensure we can operate in an agile way, and adapt to whatever the world and its new ways of life entail. In practical terms this may mean several changes — for example, forging stronger relationships across the organization. This will help us to better understand what may be a rapidly changing business as a result of COVID-19, and to make sense of the critical assets and risks that underpin it. On the technical front, as another example, adopting a DevSecOps approach can introduce security at an earlier stage of the application development life cycle. Again, this serves to bring security closer to the business objectives. 

Cybersecurity as a Business Enabler
But this isn't just about taking the opportunity to reposition cyber away from being a "blocker." There is also an important message here to deliver to our organizations about cybersecurity as an active enabler. Yes, it's true — those businesses that adapt to a post-COVID world may thrive… for a short time. However, those that can adapt securely will be well positioned for sustainable competitive advantage, leading to long-term success.

To achieve this, there are practical steps that cyber teams can take now. COVID-19 represents an opportunity to reach out across the organization, such as setting one-on-one time with stakeholders in different business functions, outside the usual risk reporting lines. Ask about their world and how it is changing, and what they expect the major trends and business moves to look like post-COVID. While building relationships is always beneficial, this should also be an opportunity to ensure that cybersecurity can contribute from the outset.

Next, security teams should be ready to add flexibility into their assessments. The rapid pace of change brought about by COVID-19 will introduce vulnerabilities into the business logic, the technology, and the people that work within the organization. We can't stop the business while we fix everything — so we must be ready to adapt.

In summary, while the long-term COVID-19 outlook and what it means for the world is unpredictable, this, in fact, leads to clear security advice that we can all start with today: Be more flexible.

Related Content:

 

 

 

 

Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 

About the Author(s)

Ran Shahor

CEO at HolistiCyber

Ran Shahor is the CEO and co-founder of HolistiCyber. He is a Brigadier General (Ret.) who founded the leading-edge cybersecurity program of the Israeli Defense Forces Intelligence branch. After 27 years of service, Ran had multiple leadership roles in the private sector. Prior to co-founding HolistiCyber, Ran was the founder and the Co-CEO of Focal Energy (clean energy power plant). Previous to Focal Energy, Ran was a Managing Partner of Star Ventures, a $1 billion global venture capital group. Ran started his career in the elite IDF special forces which he also commanded. Ran received a LL.B. and MBA from Tel Aviv University.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights