In the aftermath of the Covid-19 pandemic, the number of cyber-attacks increased significantly, prompting technology leaders to come up with new security strategies to protect and evolve their business. In this debate, technology leaders discuss what they have learned over the last two years with hybrid working, highlight the security needs of their business and what this means for their 2023 security strategies.
With Juliette Foster moderating, the speakers of this roundtable debate include:
- Mark Guntrip, Sr Director, Cybersecurity Strategy, Menlo Security
- Brian Brackenborough, Global CIO, Channel 4
- Adnan Ahmed, Head of ICT and CISO, Ornua
- Chuks Ojeme, Global CISO, Brenntag
- Ronald Martey, CISO, GCB Bank Plc
- Lalit Trivedi, Head IT & CISO, ITI Mutual Fund
Security strategies and the business
Everything changed after the pandemic according to Senior Director of Cybersecurity Strategy at Menlo Security, Mark Guntrip. He argued that the way processes used to work in the past no longer applies to the current working environment today. This includes the idea that some people work in the office while others choose to work elsewhere. Mark argued that despite this sudden change, organisations around the world did whatever they had to in order to function and operate in a hybrid workspace.
“Now, we’re a little bit more stable in terms of what we’re going to do and how people are going to work”, he said. Technology leaders, in his view, need to optimise their processes again. Mark believes that they need to provide two separate solutions for those working in the office and those working remotely.
“What we learned is there needs to be some flexibility and obviously remote working is here to stay”, said Global CIO at Channel 4, Brian Brackenborough. In agreement with Mark’s views, Brian argued that employees needed “frictionless computing” in the office to connect to systems and work seamlessly. “It was our responsibility to be able to provide that whilst keeping all the data safe and secure”, he stated. Security strategies need to be adapted to this way of working, in his view, in order to produce these seamless results.
Before the pandemic began, remote working was seen as a luxury rather than a necessity.
Adnan Ahmed, Head of ICT and CISO at Ornua, argued that it is now a central part of the job. “I haven’t seen any organisations here in Ireland who are saying you have to come back five days a week”, he said.
From a security perspective, things have changed dramatically in Adnan’s view. Before the pandemic, technology leaders looked for security from within the parameters of their office environment. Now, people could be working anywhere in the world. Technologists need to make sure that the security tools they bring forward are complying with different security risks.
In an example, Adnan stated that they used to block countries they believed were the source of phishing attacks. This cannot continue in the current environment as Adnan pointed out that any one of their employees could be working from anywhere in the world.
“You need to make sure that you adopt a technology as per the business needs”, he stated.
Rather than enforcing technology that isn’t going to work, Adnan explained that technology leaders need to adopt technology based on the current and future business requirements. Given that the work environment has changed drastically, tools and applications need to be more accessible for workers.
Lalit Trivedi, Head IT & CISO at ITI Mutual Fund, argued that security compliance has become more strict nowadays.
He believes that technology leaders “cannot give any excuses to the business”. His solution is to create and utilise what he calls “foolproof technology” in order to provide complete security to the business. This would allow employees to safely share data whether they are working from the office or remotely. Lalit pointed out that technology is not enough these days. Technology leaders and their teams need to “upgrade their knowledge”.
Innovation and security strategies
Moderator Juliette Foster asked Global CISO at Brenntag, Chuks Ojeme, whether hybrid working helped him become more innovative.
“The remote working or the hybrid working environment brings security straight to the board”, said Chuks. He argued that nowadays, technical or business decisions cannot be made without bringing security into the process. Technology leaders need to understand how the solution they use, paired with the right strategy, is going to impact users. This includes finding out how it will be hosted: “Is it on-premise or is it the cloud?”.
Overall, Chuks stated that this brought security to the C-Suite environment and made everyone responsible. Viewpoints are shifting according to Chuks: “It’s no longer the afterthought system that it used to be”.
While seen as a positive concept, he argued that technologists need to tackle the security implications that this may bring. Now that processes are no longer solely on-premise, more connections are being opened, requiring more effective security strategies. On the other hand, Chuks explained that incorporating information security in every aspect of business strategy is considered a win for the security team.
Lessons learnt from hybrid working
In agreement with his fellow speakers, CISO at GCB Bank Ronald Martey stated that hybrid working has brought about more flexibility. “I think it improved productivity as well”, he said. In an example. Ronald pointed out that people spend up to two hours commuting to work. With the increase of people working from home and taking on more flexible roles, they were able to use that time more productively.
While this has its benefits, Ronald argued that this comes with a “myriad of challenges” for employees. This includes securing home networks, configuring shadow IT and lacklustre patching of endpoints, especially into laptops. Now, Ronald stated: “I’m starting to think out of the box with my team”. One of the key projects he worked on with his team included onboarding a platform on cybersecurity content to “train people on the go”.
The platform constantly assessed training and managed employee progress. He added that the main lesson he learnt from hybrid working and the pandemic was upskilling his team and coming up with innovative ways to train them.
This roundtable was recorded at The Studio and made in partnership with Menlo Security.