What's next? CISOs weigh in on COVID’s long-term effects on security

CISOs are looking ahead to see how their security organizations need to work post-COVID. Here's what they expect.

A shield protects against COVID-19 coronavirus-related threats.
Loops7 / Getty Images

As lockdowns ease, CISOs are looking ahead at how their teams operate and how they protect employees and assets. The most likely change is permanently supporting more work-at-home employees. According to a report released in April by (ISC)2, 96% of organizations had moved at least some of their staff to remote work, with nearly half of them shifting all employees out of the office.

The crisis is also an opportunity to rethink overall security strategy and plans, including technology choices, collaboration with the business, and security education and training.

Remote working will be permanent for some workers

A Gartner survey found three-quarters of businesses expect at least 5% of their workforce who previously worked in company offices will become permanent work-from-home employees after the pandemic ends. Rafael Narezzi, CIO/CISO at renewable energy asset management firm WiseEnergy predicts this will have a long-term effect on the physical footprint of businesses, which will mean longtail effects for how CISOs manage people. “When we come back, everything is going to be different and I don't think the office is going to be in demand,” he says. “My company [was] looking to expand to a bigger office, and now they are asking if we need a big office.”

Narezzi believes that being able to quickly transition the business to remote work because the provisions were already in place not only justifies past spend but can also help strengthen future arguments. “My team has been working hard for a year to transition everything to work anywhere, everywhere. The business recognize[s] that all the money that we asked for -- to protect the business, to enable the business to work anywhere, everywhere -- the results for the company are there and the return on investment is justified.”

To continue reading this article register now

The 10 most powerful cybersecurity companies