Skip to content
  • Home
  • Lorca Live
    • Register
    • Agenda
    • Speaker Spotlight
    • Highlights from 2021
  • Workshops
  • Innovators in Residence
  • 2020 Highlights
  • About LORCA
  • Contact Us
LORCA Live
29 - 31 MARCH 2021
#LORCALive
  • REGISTER
  • /
  • SIGN IN
  • Home
  • Lorca Live
    • Register
    • Agenda
    • Speaker Spotlight
    • Highlights from 2021
  • Workshops
  • Innovators in Residence
  • 2020 Highlights
  • About LORCA
  • Contact Us

Emerging challenges

Back
Partner content
Dell Technologies

Barry Hensley

Senior VP and Chief Threat Intelligence Officer
SecureWorks
SHARE ON TWITTER
SHARE ON LINKEDIN

How to Crawl, Walk and Run Out of Crisis and Into Digital Transformation

It’s time to create a roadmap for digital transformation that has cybersecurity and resiliency at its core

When we begin recovery from today’s global coronavirus pandemic, whether it be 12 months or 2 years from now, I believe that there will be two types of companies that emerge. Those who can hit the ground running in a period of rapid digital transformation, and those who will struggle to emerge from the crawl phase, at risk of being left behind.

Recently I had the pleasure of recording a podcast with Melissa Hathaway, former cyber policy advisor to the Bush and Obama administrations, on the topic of digital transformation. She observed that we have a window of opportunity right now during the COVID-19 pandemic to finally embrace transformative technologies that have been available to us for nearly a decade. She remarked that our unanticipated collision with technology — as we move from physical to remote work operations — has been a useful catalyst for action. I agree that the current environment offers companies an opportunity to rethink how they’re going to market as digital businesses. I also believe it’s time for both private and public sectors to lay the groundwork that moves us from a crawl to a steady walk. Only those who are walking will be able to run when we emerge from the COVID-19 crisis.

As the leader of our Secureworks Counter Threat Unit™, I see every day why cybersecurity is an essential component of digital transformation. Those who implement transformative technologies with security in mind are better prepared to manage risk on the fly, grow revenue and safeguard shareholder value. Right now, it’s understandable to be in the crawl phase. Many organizations had to stand up remote work technologies and operations overnight. But it’s also time to consider how you’ll adjust your cybersecurity priorities and capabilities to enable the new normal.

Here’s how you can take meaningful steps in your cybersecurity program to help you crawl, walk and run toward digital transformation when we’re finally on the other side of today’s challenging crisis:

 Crawl: Identify Vulnerabilities and Document Exceptions

  • Identify key systems and data assets, where are they stored, and what are the technologies. Understand whether they have vulnerabilities, patch where you can, and add compensating controls where you cannot.
  • Take advantage of your company’s attention on disaster recovery right now and ensure that the cybersecurity component is included in those plans.
  • Develop and test your incident response plan. A shift to remote work can introduce new risk, increase your attack surface, and change capabilities and roles within in your existing plan. If your IR plan is untested, you could end up remediating a breach instead of moving forward during recovery.
  • Begin the process of change management. Document all the exceptions you make to cybersecurity processes and policies as you go, including firewall change exceptions, working outside MFA or bypassing VPN. Forgotten exceptions could leave a back door for the adversaries, right when business operations begin to stabilize.

Walk: Embed Security Controls and Governance for the New Normal

  • Implement Multifactor Authentication (MFA) and VPN. Remote work is here to stay. I can’t tell you how many times our adversarial testers have gained access to a customer’s network simply by password-spraying.
  • Embed identity access management policies across the business. Identity is the new perimeter.
  • Revisit your remote work capacity. Is a Cloud strategy in place to enable employees to access to the information they need from wherever they are? Do you have enough internet bandwidth for future connectivity requirements? In our podcast, Melissa also called out the significant groundwork that governments, supply chain leaders and infrastructure industries will have to lay soon in order to pave the way for digital transformation.

Run: Accelerate Detection and Response, Reduce Friction

  • Increase your monitoring and visibility to include endpoint and cloud services. This is where you’ll find malicious activity in a decentralized, remote working environment. Know what right looks like versus abnormal activity in that new environment.
  • Actively hunt for threats and re-entry attempts. In combination with visibility, these two capabilities can stop attacks sooner with less damage.
  • Bring detection and response capabilities up to the speed of digital business. Software-driven solutions with behavioral detectors and analytics will improve detection fidelity, reduce distracting noise, and streamline tedious lower level investigations so your people can spend their time on critical incidents and rapid response.

Securing the new normal won’t be easy for some who still struggle to remain operational. The fact remains, however, that trying to remediate a breach in a fragile state can easily do more damage than taking time to implement an adequate defense. Cybersecurity is always essential, but in today’s environment it’s mission critical. And when we’re finally on the road to recovery? It will be an imperative.

RELATED CONTENT

Article / Going global

How to create a successful cyber innovation ecosystem

09.09.2020
Article / The COVID-19 risk landscape

Watch back: live broadcast with IBM, the Oxford Internet Institute and former GCHQ director Robert Hannigan

15.09.2020
Article / Growing UK cyber

Workshop recording: AWS

18.09.2020
Article / Going global

Workshop recording: Plexal

21.09.2020
Article / Emerging challenges

Should you be concerned about the security of your video conferencing platform?

13.09.2020
Article / Emerging challenges

How to think about cloud security governance

09.09.2020
Article / Growing UK cyber

How can we rethink diversity in cyber?

17.09.2020
Article / The COVID-19 risk landscape

We ask Darktrace: is AI a threat or an opportunity?

13.09.2020
Article / Going global

Exporting cybersecurity: in conversation with the Department for International Trade

13.09.2020
Article / Emerging challenges

What early-stage organisations need to know about deploying Cyber Essentials to manage supply chain risk

12.09.2020
Article / Growing UK cyber

Creating a world class cyber ecosystem in the UK

23.09.2020
Article / Education and skills

WATCH BACK: LIVE BROADCAST ON TALENT AND DIVERSITY

21.09.2020
  • SHARE ON TWITTER
  • SHARE ON LINKEDIN
  • Lorka Logo - White
  • BY
  • Plexal logo - white-out
  • Twitter Icon
  • @LORCAcyber

  • #LORCALive


  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Highlights from 2020

© 2022 LORCA Live. All rights reserved.

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of all the cookies.
Cookie settingsACCEPT

Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT