Clarity During Crisis: Navigating Change in the Financial Sector
June 11, 2020 • The Recorded Future Team
There’s much wisdom to be gained from security leaders on the front lines. Their diverse experiences can help us all understand and overcome the challenges we’re facing — particularly as we navigate this time of significant change.
Recorded Future’s “Clarity During Crisis” executive dialogue series is a collection of personal conversations with an all-star lineup of cybersecurity leaders from across several industries. They each share their unique insights on the state of security, as well as powerful stories of decisive leadership, and some hard-won lessons they learned along the way.
They covered a lot of ground — from Saeed’s powerful story of leadership during the 9/11 tragedy, to how his security organization weathered regulatory uncertainty through the global financial crisis in 2008, to his experience driving numerous IT security program transformations to protect against evolving threats and enable the business.
Following are just a few of the many topics covered. You won’t want to miss the entire thought-provoking conversation, which you can watch on demand here.
Leadership During Times of Crisis
Within a few short weeks, the roles and responsibilities of security leaders have shifted dramatically — testing their ability to react swiftly and decisively.
“I’ve always been a student of crisis, and never a teacher of what comes out of crisis, because I think crises make stronger leaders,” said Saeed. In the discussion, he explains how times of significant change drive leaders to develop and hone new skills, allowing them to effectively communicate, demonstrate empathy and transparency, balance risk awareness and agility, and empower others.
Planning Starts With People
“In planning, you always talk about process. What the process would be in bringing up the technology, or your business lines, or your business tech. The ‘people’ portion of that always gets neglected,” said Saeed. “What happens when your entire workforce must leave the office and start working from home, practically overnight?”
“Preparation is key,” he said. “It’s knowing which skill sets you have and which ones you don’t have, and testing your capabilities with disaster drills. Having a standard operating procedure in place is also critical,” he explained, “as is knowing what tools and access individuals need to do their jobs — and having a contingency plan in place to get these tools to them.”
Managing a Remote Workforce
“The security environment out there is the one that is not connected to anything,” said Saeed. Large-scale remote work has introduced a host of new vulnerabilities that haven’t been stress-tested in the normal enterprise function. “So, the ability to prioritize and patch the vulnerabilities that pose true risk is essential,” he said.
He urged the audience to remember, your remote workforce doesn’t end with your employees or company-issued devices. You have to consider and prioritize risk mitigation across your supply chain and the fast-growing BYOD environment. Further, workers are stressed, distracted, and isolated right now. The shift to remote work in the midst of a global pandemic has created a perfect storm for insider threats — both unintentional and malicious — that could disrupt your environment.
Monitoring the New Threat Environment
With the threat environment changing by the hour, opportunistic attackers are targeting organizations’ assets and sensitive information throughout the chaos. According to Saeed, “Threat modeling can help teams better understand how their threat detection tools are working and identify critical gaps. Embedding security intelligence into workflows and decisions can help teams quickly identify, prioritize, and respond to threats, by providing critical context at exactly the right time.
Practice Makes Perfect
When it comes to preparation, “practice, practice, practice,” said Saeed. He likes to run real-time, “nitty gritty” tabletop scenarios with individuals across all levels of the organization. One such exercise happened a week before 9/11. While no one could have anticipated such a devastating event, “The muscle memory of the recoverability from a technology and security perspective was there, because we had just done it a week ago.”
Watch this executive dialogue on demand now to delve further into these topics, plus, explore ways to retain programmatic cybersecurity hygiene in the face of threats, and methods for assessing program resiliency and success.
Also, don’t miss the second installment of the “Clarity During Crisis” executive dialogue series on Tuesday, June 16 at 11:00 AM ET. Hear John Zanni, cybersecurity leader and CEO of Acronis SCS, share an approach to managing fast-evolving situations that he has put to the test throughout his decades of experience in both the private and public sectors.