teissTalk host Jenny Radcliffe was joined by Gary Sorrentino, Global Deputy CIO, Zoom; Marios Clark, Chief Information Security Officer, Zava; and Paul Baird, Chief Technology Security Officer, UK, Qualys, to discuss how security teams have been adjusting to the new normal.
How Zoom stepped up to the plate
The pandemic presented Zoom with a once-in-a-century opportunity, as well as a gigantic challenge. The number of the platform’s users has soared from 10 million to 300 million in a few months. Onboarding business and non-business users at scale called for a sustained, all-hands-on-deck period of intensive product development. The features that were given priority at the beginning of the pandemic included the waiting room, passwords and the integration with Twitter. As Covid hit, “help people!” became Zoom’s new motto. For example, the company has supported schools by providing 95 million minutes of telelearning, and it has been an instrumental channel for telehealth too.
Why many CISOs need to get their act together
Surveys have shown that the average CISO doesn’t practise what they preach. They have admitted to reusing passwords that often consisted of the name of their dog and an occasional exclamation mark if a special character was also asked for. More shockingly, they would also use public wi-fi networks without a VPN. Covid, however, has put an end to the era of the CISO sitting in an ivory tower. With the new cyber security challenges that the distributed team presents, CISOs need to engage with all aspects and IT environments of the business and ensure they set a good example for employees.
How has cyber security experts’ role changed?
During the pandemic it has often been the case that team members had to work together with colleagues whom they hadn’t met in person before. Telehealth, where customer service agents listen to and record confidential calls and manage sensitive patient records on home networks, has been the stuff of security experts’ nightmares. This situation, naturally, served as a hotbed for phishing and fraud. Employees’ irresponsible use of LinkedIn has also been an issue. To demonstrate the scale of the problem, it has been revealed that more than 10,000 people were connected to a Chinese spy with a fake profile on the platform. However, one might say that connecting to people you can’t remember meeting isn’t the real problem. Instant messaging them is. And the migration back to the office presents security experts with yet more dilemmas. In an ideal scenario, their efforts invested in upskilling staff and raising their awareness of security issues are bearing fruit now, and returning employees will pose much less of an internal risk for the company’s information security. The onus is on CISOs and security experts to turn corporate users into security partners who have some basic understanding of the security controls that are in place.
New skills for the new working environment
In this distributed environment, communication skills, emotional intelligence and empathy are becoming key requirements for cyber security roles too. Indeed, the ability to contact people and communicate with them efficiently will become essential to almost any position. Given that Zoom meetings will most probably remain an integral part of office life, candidates who are better at dealing with excessive cognitive load must be given an edge over others less capable.
Meanwhile, taking commuting out of the equation in remote-only working environments means that recruiters have a much bigger talent pool than pre-pandemic to select candidates from.