CIO, CISO and COVID-19

The COVID-19 outbreak was declared a Public Health Emergency of International Concern on 30 January 2020 by the WHO. Since then it has now mutated into a PANDEMIC affecting every person and business across the globe. For many, this is the first experience of disruption caused by a pandemic.

Businesses that have well-formulated business continuity (BC) and disaster recovery (DR) strategies that include pandemic emergencies may have by now activated their business continuity plans (BCP). Let me pause here for a moment, reassessing business priorities, the foremost at this point in time will be to protect all critical and vital assets of the business so we can bounce back quickly as soon as the coast is clear.

In a pandemic, the key resource that needs to be protected is people. Humans are highly vulnerable to diseases; businesses need to have a robust strategy that will make sure all their employees are not only well protected but also demonstrate that they are cherished. Businesses need people when they recover from the disaster and always having experienced employees back at the shop can assure a quick return to profitability.

So far so good but what is the role of a CISO in protecting people? You may ask. The CISO and the CIO now have a greater role to play in keeping the business continuing and all personnel safe. This COVID-19 pandemic has been a great catalyst in forcing businesses to adopt digital transformation. Business leaders have now been cornered to embrace technology to remain relevant in a world that was brutally turned on its head.

Testimony to the rapid adoption of technology is now glaring on our faces. Online schooling, telecommuting for work, virtual meeting rooms are some of the best uses of technology we are experiencing these days. These texperiences (experience resulting from the use of technology) have been indirectly thrust upon us to keep ourselves safe (#stay home stay safe, people!!). In my humble opinion, these are going to be the new normal and I am delighted that I am not alone in this stand.

In a recent interview with LinkedIn Editor Daniel Roth in the weekly podcast “This is working”, Bill Gates had re-emphasized on the “new normal” that we all need to accept as part of our living, further he also spelled out the future, he says we will soon see even virtual courtrooms and virtual legislature.

All the above said, let us turn our attention back to our duo (the CIO and the CISO). They are now tirelessly working behind the scenes helping businesses transform at a pace that is dictated by an unseen force. I deliberately rephrased the above sentence which was otherwise reading “they are working tirelessly helping businesses survive a disaster caused by an unseen force”. This duo and their team of unsung heroes are not only protecting people (the most prized possession of the business) but also the digital assets from opportunistic hackers and other bad actors. They have made sure of business continuity by means of remote work access to all key personnel, providing secure access for financial transactions and commercial activities. They are also making sure that critical data is kept confidential without affecting its integrity and making it available on time to all those who need to access it.

It is less said, but a crisis of this magnitude will put businesses through a stress-test, and many have started to crack. The usual knee-jerk reaction by business leaders is to cut cost and unfortunately, most of them with a short-sighted business strategy start to lay-off people. The first in line to be fired are typically the support staff and the majority are from the information technology department which also includes the valiant CISO. Yes, typically the CISO is let go and the CIO is expected to take on those responsibilities. Business leaders do not realize the effect of this decision until it is too late.

We cannot blame these business leaders as they take such tough decisions only after exhausting all other options before bundling out many of these heroes. It’s quite sad though, many of these heroes have risked their lives to keep businesses going, unmindful of the hazards they face in the datacenters that include being a conducive environment for transmitting coronavirus family of viruses.

About the author

Sudhakar S Narayan is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified lead auditor in ISO Information Security Management System (ISMS) and ISO Business Continuity Management System (BCMS). He has more than two decades of experience in Information Security, Information Systems Audit, data protection, data privacy, business continuity and disaster recovery.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top