CISOs have become an integral part of the transition to hybrid work environments, as companies look to securely connect remote workers to sensitive corporate data while maintaining maximum productivity, according to a virtual panel of multinational CISO's hosted by Proofpoint last week.
The evolving threat of a criminal ransomware attack is a major concern, according to CISOs speaking on the panel. Two-thirds (64%) of CISOs fear their companies are at risk of a major cyberattack over the next 12 months, according to Proofpoint survey of 1,400 CISOs.
"What you're starting to see is the CISO is more and more part of the core business conversation and is seen as a business enabler," Paige Adams, global CISO at Zurich Insurance, said during the panel discussion. "As more and more companies are adopting cybersecurity as a core part of their strategy, the CISO is more often having a seat at the table."
Organizations ask their CISOs to secure a wide attack surface against some of the most advanced cyberthreats to ever face the enterprise, according to the panel. Corporate boards are demanding regular updates on the latest threats, while simultaneously asking CISOs to make sure workers meet business objectives in the most secure manner possible.
Prior to the pandemic, Zurich Insurance made investments in anticipation of a more collaborative work environment, including cloud-based VPN tools, according to Adams. Moving forward, CISOs will no longer be able to rely on traditional network protection mechanisms, but will have to make decisions based on the need to secure a mobile, remote workforce, Adams said.
The healthcare industry, for example, has seen explosive growth in the use of telehealth by physicians that were previously reluctant to use the technology, according to Martin Littmann, CTO and CISO at Houston-based Kelsey-Seybold Clinic, speaking on the panel.
The scale and operational changes in how to service patients opened new demands on both productivity as well as maintaining secure connections to protect confidential medical data.
"We had to quickly ramp up the need for more licenses and provide education around multifactor authentication for those who had not done it before," he said.
Littmann has grown increasingly concerned about the ransomware threat, citing a prior attack on a local hospital system in Houston. CISOs have worked to share information with each other about how to protect organizations against ransomware attacks, he said.
The focus over the past few months has been on how to backup data as a method of protecting against ransomware and extortion.
"We do multiple copies on multiple systems with multiple administrator accounts and multiple keys so no one piece of data, no one set of backup copies can be taken and ransomed by itself," Littmann said.