The extraordinary efforts of many organizations to protect workers and serve customers during the COVID-19 pandemic have also increased their exposure to cyberthreats. Large-scale adoption of work-from-home technologies, heightened activity on customer-facing networks, and greater use of online services all present fresh openings, which cyberattackers have been quick to exploit.
The overarching challenge for chief information-security officers (CISOs) and cybersecurity teams will be protecting their institutions while enabling operations to go on without interruption. For example, cybersecurity teams at companies that provide web-based services to consumers must adjust their security programs to match scaled-up operations while securing a massive shift to work-from-home tools. At the same time, CISOs must make it possible for security-team members to look after themselves and their families during a health crisis.
Addressing these diverse and sometimes competing needs at once won’t be easy. But recent conversations with cybersecurity leaders suggest that some governing principles are helping them meet the challenge. This article recommends four such principles: focusing on critical operating needs, testing plans for managing security and technology risks, monitoring for new cyberthreats, and balancing protection with business continuity.
This appeared in the McKinsey Group (https://www.mckinsey.com/business-functions/risk/our-insights/cybersecuritys-dual-mission-during-the-coronavirus-crisis?cid=other-eml-alt-mip-mck&hdpid=37ca2ac9-1fd2-48e6-8096-0b133f41946e&hctky=12064731&hlkid=f74a5df7908348ceb56167f008b0860c#)