contador web Saltar al contenido

Trust, ethics and risk management are key words in the cybersecurity of organizations during and after COVID-19

The way companies and other organizations had to prepare themselves to telecommute teams and maintain business continuity in the face of the COVID-19 pandemic, and the confinement obligations that were imposed, caused many digital transformation processes that were in course had to accelerate. But after this phase, and with ongoing processes of deflation, the good practices created can and should lead to new ways of working. This was one of the ideas shared in yet another webinar promoted by IDC Portugal, in the series IDC Future of Enterprise Response to COVID-19, which yesterday was dedicated to the Future of Trust.

Gabriel Coimbra, director of IDC Portugal, admits that this pandemic has allowed organizations to take a 10-year leap in the digital transformation, and that changes that we expected to happen at a slower pace had to accelerate, also in the area of ??cybersecurity. Bruno Horta Soares, IDC's leading executive advisor, recognized this trend and presented the study and the consultant's recommendations in this area, many of which are already part of the strategy applied by Axians, Cisco, Oracle and DXC Portugal to their clients, as they shared the speakers during a panel of invited technological partners.

Among all the interventions it is clear that the world has had to change and that the companies and organizations that have already made this transformation will not go back on adopting technology and security and risk management solutions that have a more comprehensive vision and touch more distributed. Despite a slowdown in IT investment, the areas of unified communications and collaboration are growing and Bruno Horta Soares says that in the second half investment in security will increase as organizations feel the need to reinforce their preparation in this area .

For CIOs, the challenges are complicated by the dispersion of workers and the increasing activity of hackers, which is increasing, says Bruno Horta Soares, remembering that organizations that already valued risk management managed to manage changes more easily, while those that did not have a quantified risk had more difficulties.

For IDC's leading executive advisor, security programs will value more targeted layers for classifying information, users and applications, and in the next six months it will be important for CIOs to look more closely at the areas of process automation in responding to incidents, systems of multi-factor authentication, planning of the Bring Your Own Device policy and the review of Data Governance, but also the strengthening of the ecosystem.

The review of Data Governance policies has to move quickly () a shift towards continuous monitoring and auditing is necessary, he stresses, warning that there will be no security transformation if the organization does not.

For IDC, organizations have to evolve towards a trust model, which is a step ahead of cyber risk models, including compliance, privacy and ethics, together with risk topics. Cybersecurity may have its days counted as a buzzword, he warns.

Manage trust

IDC estimates that by 2023, 50% of the largest companies (G2000) should appoint a trust director with the skills to ensure that trust concept in areas such as security, finance, HR, risk, sales, production and the legal department. Trust will be a key word for the consultant, and the vision shared by the various stakeholders in the IDC Portugal webinar.

Paulo Miranda, Business Manager of Enterprise Systems, from Axians, says that in a first phase the companies were concerned with keeping the lights on, and in the continuity of the business, and that they are now preparing for the second wave. But it is necessary to start to capitalize on the measures and solutions implemented and to evolve the business based on the results obtained. Remote work, information security, data privacy, process orchestration and automation and resource virtualization are key themes in this strategy.

During the debate panel, Antnio Gameiro Marques, Director-General at the National Security Office (GNS), also defended that the essential tactic in building Trust. I see this theme in four areas: the defense of national interests, cybercrime and the protection of critical infrastructures, the economic component and the preservation of rights, freedoms and guarantees, he says, stressing that if this is not safeguarded, the confidence that is not built.

The head of the GNS points out as an example the tracking applications that are being discussed in Europe, and in Portugal, stating that the polemic happens because it is not clear how to create trust so that people know they can use it freely and that your privacy is assured, and that the data is not used for other purposes. We use Uber and we have no problem sharing our data and telling where we are () a matter of trust and we have to keep that in mind, he says.

Seize the opportunity and incorporate process change

The idea that it is necessary to use the knowledge and good practices adopted in this period to make organizations evolve was also shared by several stakeholders. Csar Pestana, president of ESPAP Shared Services Entity of the Public Administration, shared the experience of setting up an operation that passed in a few days for remote work in about 90% of people, with reallocation of assets and people. In just a few days we were able to put the operation of shared services and public purchases all on a remote model, he said.

ESPAP is now at level two, where the vision is to seize the opportunity and incorporate process change. The fact that ending the pandemic as soon as possible will not stop processes that have improvement from being executed when we can return to proximity work () There are benefits in AP and ESPAP, acknowledged Csar Pestana, ensuring that there are structural processes that will stay after the pandemic.

Even so, there are leadership challenges, with the need to reinforce issues and empathy and transparency, which is necessarily different in teleworking models, requiring a communication process that must be regular, intense and diversified.