Cybersécurité - Témoignage Les Assises

Cybersecurity – Testimonial: “This crisis shook things up and turned the spotlight on security”

The CISOs who were highly requested during the first weeks of the lockdown start to assess this out-of-the-ordinary crisis. And the analysis is clear: even if it has been difficult, it helped put in the frontline teams that are usually in the shadows. This is the testimonial of a CISO working in a big corporation, who shares with us his experience and the changes brought about.

The first challenge was to make sure all the employees could work from home (many thousands) and access the VPN from all over the world. “Thankfully, we had experienced large-scale remote working during the public transport strike in Paris, with most of our employees working from home. Therefore, we were not overwhelmed. However, we had to speed up the remote process for the job positions that usually do not qualify for remote working and we had to support all the employees who were not used to it (especially abroad) with a list of measures to follow (being aware of phishing, not bypassing our VPN…)”.

In this new situation, cybersecurity teams’ work took on a new dimension: “we became facilitators that allow activity continuity. Security is too often seen as a stumbling block. But here it was the opposite. By adjusting security levels on “Time to Market”, we were really able to support business units and especially those that were not accustomed to these work methods”. 

A compelling time for cybersecurity teams “coupled with exciting pressure. We work extra hours and most of us are exhausted. Which is why we are happy to receive thank you emails.”

Even if the crisis is not over, what is our assessment of those last two months?

“Undoubtedly, this crisis shook things up and turned the spotlight on security. We were not identified in the critical teams of the BCP before. Now we are, and it will last.”

However, there are still a few unknowns on the budget that will be allocated to cybersecurity: “there is an activity slowdown so we must cut costs. Security will be touched, but probably less than many others because of its symbolic role during the crisis”. But we have to confess some technical concessions due to the situation: “we adjusted our security level to be operational quickly. But now, we have to go back to optimal security.”