What a crazy world we live in – employees working from home, “dirty” personal devices being used to access corporate data, furloughed employees still maintaining corporate IT assets and access – all while the quantity and variety of cyberattacks and fraud is drastically increasing. Corporate security executives have never had a harder set of challenges to deal with.
Source: Security executives succeeding in the chaotic coronavirus world
What is your greatest security concern right now?
The collective response to this question is that security executives are most worried about the increase in phishing campaigns and fraud, especially with distracted employees who aren’t as diligent with security hygiene while working from home. As one executive stated, “My greatest concern right now is social engineering resulting from cyberattacks on people wherever they are. High stress means reduced cognitive functions, so attackers may find it easier to do social engineering, which opens the door to everything else.”
Other major concerns include mitigating the impact of an increased attack surface and the need to enhance remote access controls to make certain organizational security levels are met despite a large majority of employees working remotely. For example, one executive further explained that she was most focused on mitigating the impact of this increased attack surface, particularly enhancing remote access controls such that the organization would be secure even if 100% of the employees were now remote. Enhancements to firewall, NAC, DLP and other solutions were required. Vendor risk also was a much greater concern for this executive, with third parties potentially now more vulnerable.
Virtual CISO and Security Advisory – Download a #vCISO template!
Virtual CISO and CISO – Checkout a vCISO/CISO latest titles
10 Tenets of CISO Success
httpv://youtu.be/L0uQplBNTt4
, ever-increasing regulations, and the potential effect of brand damage on profits has made 
a mainstream board-level issue. It has never been more important for 
and processes to be in line with business
feel they are being heard, business leaders admit they aren’t listening.
with business priorities will be much easier.
are the common factor understood by both sides and could be used as the primary driver in this alignment. The reality, however, is this isn’t always happening
s to better understand the use of metrics to communicate with business leaders: why metrics are necessary; how they can be improved; what are the problems; and what is the prize?
/
, 
s, Proxies, or any other solution you have actually do. They only care about the level of risk in the company.”
impact specific 
.
that business leaders understand. This can be used to start the process for each side to learn more about the other. Business will begin to see how security reduces risk, and will begin to specify other areas that need more specific protection.
and information stored, processed, or transmitted by the organization. These departments and these leaders tend to provide metrics that focus on their tactical duties rather than business drivers that concern the board/C-suite.”
. Logins, blocked traffic, transaction counts, etc… but most do not map back to business objectives or are explained in a format business leaders can understand or care about. Good metrics need to be tied to dollars, business efficiency shown through time improvements, and able to show trending patterns of security effectiveness as it relates to the business. That’s the real challenge.”
and president-elect of ISSA. “That is a mistake, because security is our job. We need to better understand the business, so that we can articulate the impact of not applying 
. The key to this whole approach is for the CISO to understand the business, and to understand the mission and goals of the business.”
