Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity News

How the role of CISO is evolving due to hybrid and remote work

By Jaspal Sawhney
hybrid-work-security-fp1170x658.jpg

Image via Freepik

November 15, 2022

With the Big Bang came the expansion of the universe, forming superclusters, galaxies and planets. Now, a similar series of events are unfolding in our computing environment. Traditional network perimeters are rapidly expanding as digital operations are becoming more distributed and outside the confines of individual organizations’ physical walls.


Access requirements have also increased, with more users, devices, application services and data than ever before located outside of enterprise headquarters —  making it the perfect security problem, particularly regarding network security.


The pandemic was a catalyst for remote and hybrid work, and it’s here to stay —  with 71% of companies set to make these work policies permanent. For this to be effective, IT infrastructure investment must reflect the ever-changing threat landscape and the needs of disparate and distributed network perimeters. 


But it’s not just about tools and technology. The accelerated changes caused by the pandemic have also required the role of the chief information security officer (CISO) to evolve. Today, they don’t just protect the organization’s critical infrastructure and systems. CISOs ensure that information and assets stay protected and businesses continue to operate unaffected by potential cyber threats or adversaries. 


Anyone in the role of protecting information for enterprises is now grappling with significantly increased threat levels, meaning the stopgap security tools deployed in response to COVID-19 must be modified or replaced with robust, permanent solutions. But on the plus side, almost three-quarters (72%) of IT leaders believe there’s been a positive shift in the remote and hybrid work mindset following the move to work-from-home during the pandemic. 


And this shift continues to influence an evolution in priorities within security strategy, alongside other critical factors that will drive what it takes to further strengthen enterprises’ information security posture. 


Current challenges facing today’s CISO

Cybersecurity attackers are continuing to improvise threat tactics, searching for any backdoor or window left ajar to take advantage of and gain access to enterprise networks. Supply chains are one of the most commonly breached points to gain access, especially when it comes to critical infrastructure institutions (CII). Instead of having to breach the CII’s network directly, attackers can capitalize on less secured vectors and gain maximum access with relative ease.


The supply chain environment, which requires companies to collaborate in many ways, presents an opportunity for attackers to exploit gaps in security enforcement. For instance, the Log4J supply chain attack, which saw a vulnerability exposed in software used by nearly every cloud service and enterprise network, highlights the lack of visibility organizations have in their software supply chain.


And as cloud adoption continues to accelerate, it’s critically important that firms look beyond their own internal security strategy. Now, it’s equally essential to have a robust framework to identify and classify information outside of traditional network confines — measuring and monitoring the security of any assets deployed. 


But, unlike on-premise solutions, deployments on the cloud require a number of providers to be involved, which brings with it familiar challenges. From ensuring strategies are uniformly enforced to adopting information security policy and key principles across the stack. Establishing an effective model to operationalize security between all stakeholders is another threat actors have been known to take advantage of, aiming for crown jewels hosted outside the enterprise’s perimeter.


Making security an ongoing topic in supplier reviews will provide the business with a better understanding of cyber risks and possible exposures within their supplier ecosystem. Assessment of the security posture of suppliers either using third-party services or through peer reviews may also enable better visibility of continuity risks for key processes. Relevant scenarios can then be embedded into business continuity plans, which can be rehearsed to ensure the least disruption in the event of an actual compromise to vendor environments.


Security means knowing the who, what, where, when and why

Whether it’s causing business disruption, stealing intellectual property or compromising customer data — cyberattacks can have a considerable impact on a company’s reputation, regulatory standing and customer confidence. So, it’s critical to arm businesses with the right tools to prevent and minimize the impact of cyberattacks. 


In 93% of incidences, a cyberattacker can breach an organization’s network perimeter and access local resources, using commonly known vulnerabilities and exploits or through carefully crafted campaigns harvesting credentials from unassuming users.


It’s no longer enough to just validate identity, meaning that methods such as two-factor authentication are no longer sufficient. Secure access now means validating not just identity, but the context and channel of the information being acquired. 


It’s clear that the dynamic access requirements of digital businesses have become a reality. And this is where Secure Access Service Edge (SASE) architecture comes to the fore.


SASE is a digital enabler — it’s a shift in the security architecture mindset. The introduction of SASE means organizations no longer need to manage security boxes that deliver disparate, separate solutions. Now, there’s the opportunity to deliver policy-based security with context, meaning more assessment of who exactly is accessing information, at what time, where and for what purpose.


By 2025, it’s anticipated that more than 50% of organizations will have clear strategies to adopt SASE, up from less than 5% in 2020. Here, expanding the network architecture to include SASE begins with picking the best-fit solutions for key components. For example, secure web gateway, secure web access, cloud access security broker or zero trust network access solutions. 


And there are other authentication, authorization, policy, user and entity management solutions can also add to the mix, meaning companies can find the right solutions to optimize their individual business security. 


Employees are your best defense

While there are countless solutions available to support secure digital operations in remote or hybrid environments, navigating these options can be a relentless job for those responsible for business security. But keeping defenses up to date is critical to stand a chance against new attack tactics.


Many organizations don’t have the capacity or capabilities on-hand to respond to all the digitization requirements of a diverse, modern, digital enterprise. Here, support from trusted security partners and System Integrators (SIs) can help organizations bolster their security strategy and ensure operations are safe and secure in an increasingly hybrid environment. 


Drawing on the expertise of others, as well as fueling awareness of cybersecurity among employees, is still one of the most important defenses against malicious activity and cyber fraud. It’s crucial to have a holistic security awareness program comprising regular, easy-to-understand information on the evolving threat landscape and the role of every individual if an incident should occur. Involving the employees in regular drills to test situational alertness and detect initial attack attempts is a foundation for company-wide cybersecurity awareness and prevention.


CISOs: The intersection of cybersecurity and hybrid work

The number of knowledge workers continuing with hybrid arrangements has increased to 58%, up from 46% in May 2021, according to Future Forum. It’s clear that employees will continue to connect from various locations and likely operate from untrusted networks, as the flexibility afforded by hybrid working remains.


For CISOs, this translates to ensuring secure and contextualized access that enables employees to operate in an environment that won’t inadvertently lead to a data breach or compromise critical assets. 


As organizations continue to evolve their fast-tracked, pandemic-response solutions into more mature, long-term approaches, there’s an opportunity for CISOs to drive holistic business and information protection — ensuring that the solutions and offerings deployed today will stand up against the increasingly sophisticated cyberattacks in the present and coming times.

KEYWORDS: Chief Information Security Officer (CISO) cybersecurity risk management supply chain

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jaspal Sawhney is Global Chief Information Security Officer at Tata Communications.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Person working on laptop

Governance in the Age of Citizen Developers and AI

patient at healthcare reception desk

Almost Half of Healthcare Breaches Involved Microsoft 365

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • The Uncharted Path for New Security Leaders

    Hiring a CISO: The evolving role of your security executive

    See More
  • remote work

    How to address data privacy risks created by remote and hybrid work

    See More
  • desk with coffee, keyboard and notebook

    Sixty-three percent of CISOs predict hybrid or remote work to remain

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing