Monday, 31 August 2020

New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security

The importance of cybersecurity in facilitating productive remote work was a significant catalyst for the two years' worth of digital transformation we observed in the first two months of the COVID-19 pandemic. In this era of ubiquitous computing, security solutions don’t just sniff out threats; they serve as control planes for improving productivity and collaboration by giving end-users easier access to more corporate resources. Microsoft recently concluded a survey of nearly 800 business leaders of companies with more than 500 employees in India (IN), Germany (DE), the United Kingdom (UK) and the United States (US) to better understand their views of the pandemic threat landscape, the implications for budgets and staffing, and how they feel the pandemic could reshape cyber-security in the long term.


Among the key insights are data showing that an alarming number of businesses are still impacted by phishing scams, that security budgets and hiring increased in response to COVID-19, and that cloud-based technologies and architectures like Zero Trust are significant areas of investment moving forward.


Improving Productivity & Mitigating Threats

Security and IT teams have been working overtime to meet business goals while simultaneously staying ahead of new threats and scams. “Providing secure remote access to resources, apps, and data” is the #1 challenge reported by security leaders. For many businesses, the limits of the trust model they had been using, which leaned heavily on company-managed devices, physical access to buildings, and limited remote access to select line-of-business apps, were exposed early on in the pandemic. This paradigm shift has been most acute in the limitations of basic username/password authentication. As a result, when asked to identify the top security investment made during the pandemic, the top response was multi-factor authentication (MFA).


An image showing the pandemic's effect on budgets.

Monday, 17 August 2020

BlueScope Steel enhances cyber security after mid-May attack

 As it shifts focus on its year-old 'Avenir' digital transformation.

BlueScope Steel says it is making “good progress” on cyber security “enhancements” following a ransomware attack in mid-May.

Chief financial officer Tania Archibald told BlueScope’s FY20 results briefing that the attack, which was first reported by iTnews, had been mitigated without “material” impact on its operations and sales.

“Many of you will be aware that in May we experienced a cyber incident which saw unauthorised parties access our network,” Archibald said.

“As a result of our ability to quickly detect and respond to the incident, we experienced no material impact on our operations and sales. 

Sunday, 2 August 2020

Cyber skills in traditional security management careers

When I speak with candidates who are either leaving government roles or actively looking for a new role, I am often asked what programs or courses related to cybersecurity they could take to improve their marketability. A one-size-fits-all answer is a challenge because the operational knowledge needed by someone charged with cybersecurity is as broad and complex as the various accountabilities of non-technology security risk roles.

The concept of convergence of both roles, whereby a single point of accountability leads the strategy and governance for all security risk initiatives, can be an effective approach. While the idea has been out there for quite a while, it is still not widely utilized. There are, however, numerous examples of interdependencies that indicate a need to understand the points of vulnerability to best provide a cohesive, coordinated effort to limit and/or mitigate security-related risks.

Candidates should gain an understanding of all elements that make up the role of a cybersecurity program leader. If they are considering a career development strategy, they can then decide the path they feel is the best personal fit. There are numerous programs and certifications available that range from an executive overview of cybersecurity to those in which you achieve deep technical competencies.

Cybersecurity functional domains can be broadly categorized in eight areas:

  1. Emerging Technologies and Market Trends
  2. Identity and Access Management
  3. Incident and Crisis Management
  4. Information and Privacy Protection
  5. Risk and Compliance Management
  6. Security Architecture
  7. Organizational Resiliency Programs & Assessments
  8. Threat, Intelligence and Vulnerability Management

There are numerous subsets, programs and processes that a CISO is responsible for developing and executing. Current “Mind Map” models reflect those key topic areas of cybersecurity involvement as:

Business Enablement

  • Mergers/Acquisitions
  • Cloud Computing
  • Mobile Technology

Cyber Security in the Context of International Security

 Cyber security is everyone’s responsibility. What are the current trends in threats, risks, and vulnerabilities? How do threat actors explo...