Afternoon Cyber Tea: Evaluating individual and organizational cyber risk in a pandemic

Cybersecurity professionals find themselves in high demand as organizations worldwide continue to grapple with how to secure millions of remote workers. James Turner is an industry analyst at CISO Lens and served as an adjudicator from 2017 to 2019 for the Australian government’s cyber war games: Operation Tsunami. In this episode of Afternoon Cyber Tea, James and I talk about how the COVID-19 pandemic has accelerated the critical need for cooperation across the cybersecurity industry, as well as the need for strengthening communication between governments and private organizations.

Our discussion really examines how the pandemic has pushed organizations toward greater cost efficiencies and a new mainstreaming of cybersecurity—democratizing the language and tools to make it part of everyone’s “9 to 5” experience.

“Everyone has a plan until they get hit in the face,” as James puts it. “Ransomware is off the hook—one organization just got hit with a 10 million dollar ransom. That’s more than the average Australian or New Zealand organization spends on security in a year.”

If the old saying that every crisis presents an opportunity holds true, James sees the pandemic as a tremendous catalyst for better information sharing amid budget cuts and a fragmented workforce. “The security operating centers at large banks are on speed-dial with each other because the attack against Company A hits Company B the next day. No organization, or even an entire country, can do it all by themselves.”

During our talk, we also touch on how the pandemic has pushed security professionals to look at new ways of optimizing delivery, such as utilizing an integrated security solution rather than an expensive niche product. “It’s given businesses a new appreciation for automatic patching,” James recounts. “My group of CISOs is discussing installing agents on personal devices; the legalities and logistics around that. Budgets are becoming an issue; so, I’m encouraging them to think like startups—get creative.”

James and I also examine how security professionals need to do a better job of evangelizing across the entire IT sector, including developing a ground-level understanding of your own organization’s business units. Cybersecurity will only be truly effective when it’s no longer part of an org chart but simply part of everyone’s job.

To hear my complete conversation with James Turner, listen to the full episode.

What’s next

In this ongoing podcast series, I talk with cybersecurity influencers about the evolving threat landscape and explore the promise of systems powered by AI, IoT, and other emerging tech. In every episode, we’ll look at empowering people and organizations to create a more secure, productive digital environment.

Listen to Afternoon Cyber Tea with Ann Johnson on:

  • Apple Podcasts: You can also download the episode by clicking the Episode Website link.
  • Podcast One: Includes the option to subscribe, so you’re notified as soon as new episodes are available.
  • CISO Spotlight page: Listen alongside our CISO Spotlight episodes, where customers and security experts discuss similar topics such as Zero Trust, compliance, going passwordless, and more.

In the meantime, bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. Or reach out to me on LinkedIn or Twitter if you have guest or topic suggestions.