When the COVID-19 lockdown hit, companies worldwide transitioned millions of employees from working in offices to working at home. There were bumps to be sure, but from an IT perspective the process generally went smoothly.

What’s happened since then is enough to keep IT security professionals up at night.

“Once the transition was complete,” says an article on CSO.com, “Organizations found their attack surface had changed immensely and threat actors attempted to seize upon the opportunity. Phishing, brute-force and malware attacks surged while the number of endpoints connecting to corporate networks ballooned.”

We blogged about this subject a few weeks ago when a survey of IT leaders reported that 41% of them had experienced more security attacks than ever.

In light of the collection of surveys and studies in the CSO.com article, that now looks like an understatement.

Though the study we referenced in our post said in the early days of the lockdown companies were spending an extra $15 billion a week on IT, CSO cites a study that helps explain why: 66% of organizations had no pandemic preparedness plan in place. Others, including those that did, failed to account for the sheer scale of having every employee working remotely.

Infoblox’s COVID-19 Challenges for the Borderless Enterprise report said 38% of organizations shifted funds from cybersecurity to provide for remote worker access. 46%, however, shifted IT resources to shore up the security of their networks. Another study cited by CSO.com tells us that 60% of organizations that adopted work-from-home technology accelerated or bypassed their normal privacy/security reviews.

Consequently says CSO.com, chief information security officers “should go back and ensure that any checks that were skipped or accelerated have been redone to ensure all the risks have been accounted for.”

The article cites Zoom’s security issues as one example of a remote tool that was quickly adopted by many without considering security.

The most worrisome part of the article by CSO editor Dan Swinhoe cites a baker’s dozen of studies, surveys and reports of cyberattacks skyrocketing during the lockdown with many continuing unabated since. Here’s a sample:

  • Supply chain attacks rose 38% since the start of the pandemic;
  • Phishing incidents rose 220% at the height of the pandemic;
  • Ransomware attacks spiked more than 100%;
  • Insider-threats increased 27%;
  • RDP brute-force attacks (attempts to remotely control a computer or computer system) grew 400%.

With the majority of companies expecting more employees than ever to work from home even when the pandemic ends, a PwC Insights Survey found 96% of organizations saying they are adjusting their cybersecurity strategy due to COVID-19. 50% said cybersecurity and privacy will be baked into every business decision or plan.

“This focus on security,” observes CSO, “Should provide CISOs with more influence at the most senior levels of the business.”

Photo by Jefferson Santos on Unsplash


author avatar
Green Key

CIO or CTO? Does it Matter?

What’s the difference between a CTO and a CIO?

“Good question,” admits ZDNet. Where once the Chief Information Officer was universally acknowledged as the most senior IT executive, now, says the tech site, it “depends very much on the type of business you’re talking about.”

Where a business has only a CIO or a Chief Technical Officer, it’s an easy call – that’s the top IT executive. The duties and responsibilities are clear. Where the situation gets murky is when an organization has both.

Explains ZDNet, “The traditional split is that the CTO is responsible for the operational concerns associated with technology implementation. CTOs drill down into the details of technology. They have a strong systems focus and they know how technology works, making it more of a chief architect role.

“CIOs, on the other hand, tend to focus more on engaging with the business. So while the CTO might go and speak with vendors to source technology, the CIO makes sure the internal business gets the secure and governable systems and services it wants.”

Everyone got that? No? How about this from InsiderPro:

“CTOs are similar to CIOs. But they are responsible for the overarching technology strategy and infrastructure to help meet the organization’s goals, while CIOs oversee the IT departments and staff to manage everyday operations and in many cases work with business leaders on aligning IT with business goals.”

Where both roles exist, InsiderPro says “the CTO usually reports directly to the CIO.”

But wait. Pointing out that “As the importance of technology within the business has risen, so has the demand for knowledgeable technologists,” ZDNet says, “Some businesses – including established enterprises – have opted to rely more on a CTO than a CIO.”

Dig a little further and you’ll find that the hierarchical distinction is becoming less important as the bigger businesses move ever further along the path to digital transformation. Bornfight, a project-focused development firm, has a different take on the relationship between chief technology and chief information officers. It defines the jobs this way:

  • “Chief Information Officers are members of the executive team who are responsible for ensuring that a company leverages technology in a way that helps it optimize, improve and streamline internal processes.”
  • “Chief Technology Officers are members of the executive team who are responsible for ensuring that a company’s product utilizes technology in a way that will meet the customers’ needs.”
  • The company included this handy chart comparing the roles.CTO vs. CIO - blog.jpg

Bornfight’s most significant contribution to the discussion may well be that in organizations large enough to need both, CIOs and CTOs are complementary to each other.

“From a business perspective, you need these two positions and you need them to fit well together and cooperate — this leads to progress. The right way to approach this is to look at these positions as two sides of the same technology coin, a sort of a buddy-buddy relationship.”   

Photo by ThisisEngineering RAEng on Unsplash


author avatar
Green Key