As the COVID-19 pandemic threatens to overload the healthcare system and global economy – it is also having a powerful impact on the security of businesses of all sizes.
The U.S. Department of Homeland Security issued an alert April 8th warning that cybercriminals are increasingly exploiting the COVID-19 pandemic to target individuals, small and medium businesses, and large organizations. Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware. They are taking advantage of our need for information about loans, aid, PPE, coronavirus alerts, and all sorts of communication related to the pandemic.
It is no coincidence that some of the first major computer threats were called viruses — they spread in ways that look like biological agents, with similar strategies for infection and reproduction.
Businesses of all sizes must confront an ever-greater scope and intensity of cybersecurity threats, which requires an increasingly broad and deep skill set to manage those threats. SMBs and enterprises alike also face new security-related compliance challenges, as well as, growing competitive pressure to protect customer and partner data.
Any business would benefit from a high-level security expert to manage critical business functions and/or achieve and maintain regulatory compliance. An increasingly popular and flexible solution is to utilize a Virtual CISO or “CISO as a Service”. You may enhance the skills of your existing team with an extensively trained and experienced CISO-level executive to initiate strategic planning and operations and offer high-level investigative expertise. They have the knowledge and experience to drive all aspects of security polity while overseeing your security infrastructure. With SMBs currently outsourcing core specialist functions from HR to IT, why not InfoSec?
Thanks to today’s connectivity, a Virtual CISO can operate just like an “on-premises” CISO role minus the full-time physical presence requiring office space and other associated costs. Like any outsourcing arrangement, contracting for a Virtual CISO helps strengthen your focus on your core business. It also helps you get the most from your current security investments and skills.
Risk aversion also comes into play. Hiring a key employee is a big decision and a major investment. An underperforming C-level employee can cost a company up to five times their salary. When an employee is underperforming in a key cyber security role, the results could be devastating to any size company. A Virtual CISO can be a very low-risk investment since you have the option to enter an agreement that is project-focused or using a fractional block of time. You are able to immediately address security concerns by putting a vCISO in place while keeping an eye on your budget.
Choosing this option also eliminates transitional risk incurred by leaving this senior leadership position unfilled as you undertake an exhaustive search that could take six months or longer in today’s market. In the meantime, your company faces threats every day.
Be aware of flexible options that will best suit your company’s immediate and long-term cyber security requirements and remember that good cybersecurity is proactive – especially during this trying time.
Author: Dee Baebler, Cybersecurity Advisor providing Continuous Compliance, Security & Cyber Risk Mitigation.