{"id":22445,"date":"2020-11-16T09:42:17","date_gmt":"2020-11-16T09:42:17","guid":{"rendered":"https:\/\/www.experfy.com\/blog\/post-covid-cyber-security-new-normal\/"},"modified":"2020-11-16T09:42:17","modified_gmt":"2020-11-16T09:42:17","slug":"post-covid-cyber-security-new-normal","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/future-of-work\/post-covid-cyber-security-new-normal\/","title":{"rendered":"Post-Covid Outlook for Cyber Security: New Normal \u2026 Looking a Lot Like the Old"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\"><strong>The COVID crisis has not changed the cyber security fundamentals: What will the new normal be like?<\/strong><\/h3>\n\n\n\n<p>Two recent reports highlight the current cyber security paradox: While the COVID pandemic has turned business and society upside down, well-established cyber security practices \u2013 some known for decades \u2013 remain the best way to protect yourself.<\/p>\n\n\n\n<p>It might not be the message the authors of those reports wanted to convey, but it remains the dominant impression.<\/p>\n\n\n\n<p>The first one, from the World Economic Forum, published in May (\u201c<a href=\"https:\/\/www.weforum.org\/reports\/cybersecurity-leadership-principles-lessons-learnt-during-the-covid-19-pandemic-to-prepare-for-the-new-normal\" target=\"_blank\" rel=\"noreferrer noopener\">Cybersecurity Leadership Principles: Lessons learnt during the COVID-19 pandemic to prepare for the new normal<\/a>\u201d \u2013 WEF \u2013 26 May 2020) is once again a superlative summary of good practices, which in the end hardly moves the needle. We&nbsp;<a href=\"https:\/\/corixpartners.com\/real-leadership-challenges-cyber-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">commented<\/a>&nbsp;along the same lines on one of their earlier reports last year.<\/p>\n\n\n\n<p>Using buzzwords like \u201cresilience\u201d instead of \u201csecurity\u201d or \u201ccontinuity\u201d does not disguise the fact that 80% or more of the \u201clessons learnt\u201d highlighted in the report (e.g. \u201cfocus on critical services\u201d, \u201cimplement meaningful metrics\u201d or \u201cpractice crisis management plans\u201d) can be summarised in three words: Follow Good Practice\u2026 More than ever, doing the right thing around cyber security, seems to consist of doing now what you should have done&nbsp;<a href=\"https:\/\/corixpartners.com\/cyber-security-true-innovation-consists-now-done-ten-years-ago\/\" target=\"_blank\" rel=\"noreferrer noopener\">ten years ago<\/a>\u2026<\/p>\n\n\n\n<p>Obviously, if those are still valuable \u201clessons learnt\u201d worth highlighting to world leaders, it implies they were not properly in place pre-COVID in spite of having been known as security good practices for decades, but the report stays well clear from discussing why\u2026<\/p>\n\n\n\n<p>The second report, from InfoSecurity Magazine, published in June (\u201c<a href=\"https:\/\/www.infosecurity-magazine.com\/white-papers\/state-of-cybersecurity-report-2020\/\" target=\"_blank\" rel=\"noreferrer noopener\">State of Cybersecurity Report 2020<\/a>\u201d \u2013 InfoSecurity Magazine \u2013 3 June 2020) offers \u2013 as expected \u2013 a more technical perspective but points in the same direction with regards to its key takeaways.<\/p>\n\n\n\n<p>The key importance of human elements in cyber security or the fact that \u201c<em>the evolution of the cloud is driving innovation whilst also exposing organizations to new security and privacy challenges<\/em>\u201d are nothing new.<\/p>\n\n\n\n<p>It is evident that the COVID pandemic has accented and accelerated those, but once again, the cloud was not born out of COVID and good practices in those areas should have been in place for decades.<\/p>\n\n\n\n<p>As a matter of fact, our 2019 report on the \u201c<a href=\"https:\/\/corixpartners.com\/cybersecurity-look-across-two-decades\/\" target=\"_blank\" rel=\"noreferrer noopener\">Language of Security<\/a>\u201d (built on the semantics analysis of the content of 17 annual \u201c<a href=\"https:\/\/www.ey.com\/en_gl\/giss\" target=\"_blank\" rel=\"noreferrer noopener\">Global Information Security Surveys<\/a>\u201d from leading firm EY, spanning the period 2002-2018) shows without ambiguity cloud security considerations dominating the period 2010-2011-2012 before receding dramatically.<\/p>\n\n\n\n<p>The shift of focus away from compliance is also something our 2019 report highlighted, but again this is a ten years old <a href=\"https:\/\/www.experfy.com\/blog\/ai-ml\/top-artificial-intelligence-trends-that-will-change-the-decade\/\" target=\"_blank\" rel=\"noreferrer noopener\">long-term trend<\/a> starting around 2010 (and arguably one of the key findings of our research): The first decade of this century was the true \u201ccompliance\u201d decade for cyber security; the last decade has been a \u201crealisation\u201d decade dominated by incidents and threats considerations, leading to the acceptance by many business leaders of a \u201c<a rel=\"noreferrer noopener\" href=\"https:\/\/corixpartners.com\/cyber-security-when-not-if\/\" target=\"_blank\">when-not-if<\/a>\u201d paradigm around cyber-attacks.<\/p>\n\n\n\n<p>The \u201cwhen-not-if\u201d paradigm creates completely new challenges for CISOs and CIOs: Old and well-established security basics still go a long way to ensure protection but the challenges are now firmly around execution, while roadblocks remain rooted in governance dysfunctions and short-termist business cultures.<\/p>\n\n\n\n<p>The COVID crisis does not change any of that but it does aggravate short-termist business tendencies and will constrain budgetary resources dramatically in most industries.<\/p>\n\n\n\n<p>If one thing is going to change (for some tech vendors at least), is that&nbsp;<a href=\"https:\/\/corixpartners.com\/4-pillars-lasting-cyber-security-transformation\/\" rel=\"noopener\">throwing money<\/a>&nbsp;indiscriminately at the cyber security problems in the hope of making them disappear is going to stop: Spending and resources will have to be focused where they can have the most impact and that has to start with a sound appreciation of critical assets and their risk posture. But again, focusing on those \u201ccrown jewels\u201d should be seen as one of the oldest and best-established good practices\u2026<\/p>\n\n\n\n<p>It looks like the \u201cnew normal\u201d is definitely going to look a lot like the old.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The COVID crisis has not changed the cyber security fundamentals: What will the new normal be like? It looks like the \u201cnew normal\u201d is definitely going to look a lot like the old.<\/p>\n","protected":false},"author":529,"featured_media":17927,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[182],"tags":[462,1015,1016],"ppma_author":[3178],"class_list":["post-22445","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-future-of-work","tag-cyber-security","tag-fundamentals","tag-post-covid"],"authors":[{"term_id":3178,"user_id":529,"is_guest":0,"slug":"jean-christophe-gaillard","display_name":"Jean-Christophe Gaillard","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_b55e5afa-fb86-428a-a054-3be0451df2a4-150x150.jpg","user_url":"https:\/\/www.corixpartners.com","last_name":"Gaillard","first_name":"Jean-Christophe","job_title":"","description":"Jean-Christophe Gaillard\u00a0is Managing Director and Founder at Corix Partners. He is also a Non-Executive Director with\u00a0<a href=\"https:\/\/www.stratasecurity.co.uk\/\">Strata Security Solutions<\/a>, a specialized cybersecurity firm. He has been co-president of the Cyber Security group of the\u00a0<a href=\"https:\/\/www.telecom-paristech.org\/\">Telecom Paris Tech alumni association<\/a>\u00a0since May 2016. He is the author of \u201c<a href=\"http:\/\/www.blurb.co.uk\/b\/9015902-cyber-security-the-lost-decade-2018-edition\" target=\"_blank\" rel=\"noopener\">Cyber Security: The Lost Decade<\/a>\u00a0\u2013 A Security Governance Handbook for the CISO and the CIO\u201d, He contributes regularly to\u00a0<a href=\"http:\/\/www.thedigitaltransformationpeople.com\/authors\/jc-gaillard\">The Digital Transformation People<\/a>,\u00a0<a href=\"http:\/\/www.business2community.com\/author\/jc-gaillard\">Business 2 Community<\/a>, and\u00a0<a href=\"https:\/\/www.iotforall.com\/\">IoTforAll<\/a>\u00a0platforms, as well as the\u00a0<a href=\"https:\/\/www.thebtn.tv\/\">Business Transformation Network<\/a>. He is an expert contributor on the\u00a0<a href=\"https:\/\/ciowatercooler.co.uk\/members\/jean-christophe-gaillard\/activity\/\">CIO Water Cooler<\/a>\u00a0and has previously published articles on\u00a0<a href=\"https:\/\/www.infosecurity-magazine.com\/opinions\/bridging-gap-security-it-operations\/\">InfoSecurity<\/a>\u00a0Magazine, \u00a0<a href=\"http:\/\/www.computing.co.uk\/ctg\/opinion\/2396800\/how-to-achieve-effective-cyber-security-in-a-hyperconnected-world\">Computing<\/a>, the C-Suite.co.uk,\u00a0<a href=\"http:\/\/www.informationsecuritybuzz.com\/?s=gaillard\">Info Sec Buzz<\/a>\u00a0and the\u00a0<a href=\"http:\/\/www.director.co.uk\/blog-cyber-insurance-what-do-you-think-youre-buying-20323\/\">IoD Director<\/a>\u00a0websites."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/22445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/529"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=22445"}],"version-history":[{"count":0,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/22445\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/17927"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=22445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=22445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=22445"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=22445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}