2020 was a year of learning for security and risk practitioners, in fact, the blueprints they started the year with quickly became obsolete. At the end of the year, it’s time to look back on what the industry learned and what 2021 will bring with the final episode of the year of Digital Threshold Live.
Host Anil Chitkara, Evolv Technology Co-founder and Head of Corporate Development, welcomed two guests from Teneo, a global CEO consulting and advisory firm, Courtney Adante, President and Security Risk Advisor, and Jonathan Wackrow, Managing Director and Global Head of Security. Adante and Wackrow shared what they learned during this unexpected year and how that will shape risk and security postures in 2021.
2020: New and Emerging Risk Required Agility and Creative Solutions
No matter what industry, size, or level of success, most organizations were not prepared for a pandemic. Even when more information about COVID-19 became available, and there were shifts in work, Adante commented, “We were building solutions on the fly. This mode of operating will likely continue into 2021.”
Wackrow agreed, “Everyone has a plan until they’re punched in the face, and everyone got punched in the face. Those that have been successful, identified threats with the virus and pivoted quickly with a model of resilience and flexibility.”
COVID-19 wasn’t the only risk in 2020. Civil unrest around social and criminal justice reform, a faltering economy, rising crime rates, mental health issues, cyber-attacks, and natural disasters also commanded attention in 2020. Those same challenges will carry into 2021.
How Do Organizations Move Forward with Risk Management?
Adante and Wackrow discussed risk monitoring and intelligence, and their importance. They are leveraging data analysis and expert critiques to add context while concurrently teaching their clients how to do this.
Wackrow said, “In thinking about threat domains and how they impact your organization, it’s not only about consequences and severity, but how are you going to respond? You don’t want to be in a reactive model.”
A New Domain for Security: Health Security
In the realm of security, prior to a pandemic, the branches were physical and cyber. Now companies realize that health security also has to be part of that conversation. It becomes a new pillar requiring subject matter expertise, and is not something traditionally part of the security component. “We’re seeing hiring of chief medical officers outside of healthcare, in airlines and real estate developers. Businesses are now prioritizing this expertise,” Adante added.
This new part of security is changing the role of the Chief Security Officer (CSO).
The New CSO
Traditionally, a CSO has been about gates, guards, and guns. 2020 has disrupted this idea, and the role will never be the same. The CSO has three areas now: physical, cyber, and health. The CSO isn’t necessarily the expert on all these things, so that’s causing three shifts.
First, CSOs will have to think about risk management and strategy, along with its alignment with business operations and strategy.
Second, they’ll need to form collaborative relationships with leaders in HR, information security, and operations.
Third, there are now new issues on the plate, with physical locations mostly being empty. “New issues in security are now part of the story with the ‘work-from-home’ model. Those aren’t going away and may become bigger,” Adante said.
Resiliency: What Does That Mean in 2021?
The last question for security and risk leaders is to think about what resiliency means in 2021. It’s not about business continuity. Most businesses had those before the pandemic. They were very IT-focused. Companies need to integrate the three pillars of security — physical, cyber, and health to create a more sustainable version of resiliency.
Get More Insights from the Experts
To view our OnDemand version of Episode 5, click here or the video below:
Too busy to sit in front of your laptop and watch these webcasts? We now offer these as a podcast. The Digital Threshold Podcast series is available on Apple, Google or Spotify.
Don’t forget to for our next event.