By Ed Moyle
May 8, 2020
Warren Buffet once said, “Only when the tide goes out do you discover who’s been swimming naked.” You can cover over a host of sins when times are good, but bad or unsafe practices will be exposed when times are rough.
Time and experience have borne out how accurate this witticism has been in the financial arena — and we’re now seeing how it can be true when it comes to the intersection of information security and COVID-19.
From an information security standpoint, current events have brought about a “new normal” in what we do and how we do it. The pandemic has impacted almost every aspect of security in some way — from security operations to security management to security planning and beyond.
Some organizations, particularly those that have embraced operational agility and resilient modes of service delivery, have found the transition relatively painless. Some even have derived unexpected competitive advantages. Others, like those that have rigid operational processes or rely on less resilient strategies, have found it less so.
Ultimately, when we finally reach a “post-COVID” state, there will be plenty of time to analyze what surely will be many lessons learned from the decisions we’re making today (and the legacy of the decisions that we made in the months and years leading up to today.)
However, it’s likely that many weeks or months will pass before we can get to that systematic and analytical retrospective. Yet even though the data will be slow in coming, we can draw out some trends — though still anecdotal — based on what we see in the world around us.
There are lessons we can learn to inform how we plan for the remainder of this crisis, and they may inform the questions we ask when the time for retrospective analysis does come.