28 Aug Information Security Governance In The New Normal
On August 27, 2020, Disini Law, in partnership with the Digital Freedom Network (DFN), hosted the webinar Infosec Governance In The New Normal as part of the series Digital Transformation Thursdays (DTT). This episode of DTT discussed the challenges of information security (infosec) in the New Normal, the principles that underlie it, and the means to achieve them.
The New Normal has forced a merger of our personal and our work lives. Work-from-home (WFH) arrangements are now standard for many companies, which has spread the office infrastructure over a broader physical space, tethered together by public infrastructure and the protocols that run the Internet. Resources designed mainly for recreation have now been pressed into service for commercial use. As a result, the security risks for all of these firms have risen exponentially. Home wi-fi networks have weaker security protocols and do not enjoy the same level of safety afforded by enterprise networks.
Kamesh Ganeson, Chief Risk Officer of Megawide Construction Corp, imparted his knowledge on information security as a governance matter for both organizations and small and medium enterprises. Kamesh illustrated how organizations have become more vulnerable during the pandemic and the shift to a WFH setup. Business priorities overtaking cyber security, reduced IT and security support staff, technology capacity limitations, and psychological stress and panic were cited as some of the main challenges being faced by organizations. Failure to adapt to the status quo can expose companies to information security issues such as remote user credential theft, phishing emails with malware, malicious websites, and zero-day attacks.
As such, Kamesh shared a detailed overview of the strategies organizations can take, which include teleworking solutions, external perimeter protection, cloud services, secure collaboration tools, cybersecurity policy, the Bring Your Own Device (BYOD) Policy, the Cyber Incident Breach Response (CIBR), cyber-attack financial protection and recovery, and cyber operations. He also talked about a 3-tiered technical approach to information security that companies can adopt, particularly in the short term, medium term, and long term.