As we wind on down to the close of this auspicious year, we’ll feature a few prognostications from our community. Nannette Cutliff is the CIO and CISO for Pacific Service Credit Union. She spoke at the recent CSHub Financial Services Summit on Thwarting The Threat Matrix When Transaction Velocity Increases By 40%.
We’ve been keeping in touch with Nannette and recently asked her thoughts on what to expect in 2021. If you’re looking for text on how easy it’s going to get, you’re in the wrong place. Nannette shares that even if economic conditions improve- it’s going to mean a heck of a lot of work for cyber security executives.
Of note is one key issue that Nannette discusses is the health and wellness of your 3rd party partners. So it’s probably as good a time as any to look for 7 Key Critical Characteristics of Safe Vendor Partners.
Seth Adler: Tell me one thing about 2021
Nanette Cutliff: The rate of change is going to be hellacious. You've got pent up demand, for all the things that we didn't get done. We have a new paradigm, in terms of workers being remote, that are doing things that, remotely, were never done. That opens up a whole new level of risk that was not there before. These were functions that just were not considered feasible, because of the risk associated with them being done remotely. They are now happening remotely. What does that do to your risk score? Or your risk profile?
Seth Adler: "But, I've been doing it for three quarters that way. Fine, the first quarter that I was doing it- I had to figure it out. Maybe the second quarter I made adjustments- but didn't I learn my stuff in the fourth quarter? And I'm fine, now?"
Nannette Cutliff: No, because it's like anything else, it continues to evolve. All the things that you're doing now, you're doing because you're in survival mode. And you're making sure that you can survive and things are fine, et cetera.
We're evolving back to the new normal. That new normal includes all of the other system updates, all of the other things. And, for all of your vendors, all of them are impacted or impaired, too. Are they coping with talent issues, system issues, and any other delivery issues?
Now all of your integration points are potentially impacted or impaired, based on how well those relationships have weathered the storm. Do you have relationships that have totally failed? Have you had relationships that have had significant problems- that you're only now becoming aware of? And you've got to either decide to jump ship, or find ways to have countermeasures, until they can recover. What do you do?
So the change level- the volume- is getting ready to go through the roof. Consider all of that as you contend with the onset of the velocity of information that's going to continue to travel online.
Considering Nannette’s mindset, don’t coast in this Q4. Take your lessons learned from Q2 and Q3 and apply them now. Check your hygiene. Check your 3rd parties. Realize the sea changes coming for your specific industry as well as global corporate enterprise on the whole. If there is one type of person that is ready to face the type of grind outlined above, it’s a cyber security executive. The threats always get more sophisticated. Outpace change as you’ve always done. Keep calm and carry on.