The CISO’s view – Reflections on 2020 and looking ahead to 2021 in cybersecurity


Manoj Bhatt

Head of Cyber Security and Advisory, Telstra Purple

Welcome to 2021 everyone! And what better way to start the year than with a look back at the key issues, challenges and opportunities that the cyber community faced last year. Telstra Purple’s ClubCISO community held an instructive and remarkably upbeat celebration of all things Cyber in December. It was also a fitting way to bring the community together to recognise the impact and progress we have made as a profession.

We wanted to bring you the outputs from that discussion, which involved 84 CISOs from the UK and other European markets, as well as some festive fun and virtual cocktail making. Each session was chaired by a ClubCISO Advisory Board member and involved CISOs from a range of industries.

The first working session began by focusing on the three R’s of 2020:

  • Ransomware
  • Regulators
  • Resilience

All the CISOs agreed that these three issues had been the dominating influence on the working lives and role of the CISO, but the emerging force was the last one – Resilience. This chimes with the latest ClubCISO Information Security Report, which predicted that information security would have to strengthen its resolve and adaptability in 2021. The report predicted: “There is still much to be done; most of all in dealing with emerging risks we didn’t experience last year. The unknown of COVID-19 and other geopolitical risks has created a whole new raft of new security problems. On top of that, while CISOs themselves are starting to come to terms with the impact of stress on their jobs.”

Yes, the COVID-19 situation has been a challenge. This is mostly because the sheer number of people working from home has vastly increased the attack surface of our organisations. But there are also positives to be had in the form of rapid digital transformation and the acceptance in even the most hardened old-school boards that technology and security are drivers of business value.

The CISOs predict that this innovation in the way we work and communicate will continue to gain momentum in 2021, but it’s not all about virtual meetings and the blurring of home and work. The CISOs discussed the importance of meaningful human interaction – not only for our wellbeing, but also as a front line of security. After all, if you’re regularly talking to people in an office environment, they’re more likely to flag emails and behaviours of a suspicious nature. In a virtual world, the opposite is happening: phishing attacks are becoming more prevalent as people lack the support of peers to keep them watchful and safe.

CISOs are continuing to make progress in helping their people and organisations understand the impact of human behaviour and camaraderie on creating better security cultures. As the Information Security Report found, Security Awareness and Training was the number one area where CISOs had made tangible and measurable improvements in 2020.

But a word of warning. Some panellists are seeing organisations that are putting in tools and technologies designed to aid remote workforces, but which are actually implemented without much thought of how people really want to work. You can “empower” people with as much technology as you like, but if it isn’t fit for their purpose, they will simply circumvent it. And then we are back in the realms of shadow IT and unintentional insider threat.

The very good news is that the CISOs are finding that security budgets are holding up fairly strongly. Where there is tightening, it is also seen as useful because it is forcing CISOs to prioritise and focus their efforts. Security culture will remain a blanket priority across the membership base in 2021, but members also expect to be building even more diverse and talented security teams to broaden the positive impact of security best practice across their organisations.

In summary, the picture the CISOs paint is a very positive one for the year ahead. The profession has shown itself to be adaptable and impactful, leading the way for their organisations’ ongoing (if enforced) digital transformation.

In the next CISO’s View blog, we will tell you what the CISO panellists had to say about motivating and influencing boards, their teams and end users. Heads up that it isn’t easy, but the members have some excellent best practices to share.
