Menu

infosecurity

top cybersecurity risks trends and predictions for 2023

Top Cybersecurity Trends and Predictions for 2023

, , , , , , , , , , , , , ,

Without a doubt, 2022 has been such an eventful year in the world of cybersecurity. There were over 2.8 billion reported cases of malware attacks worldwide and over 236 million reported cases of ransomware attacks just in the first half of the year.

In 2022, the government of Costa Rica declared a state of emergency and Toyota was forced to shut its 14 factories in Japan, following different and several cyberattacks.

As we enter the last few hours of 2022 and look forward to 2023, cybersecurity remains top of the agenda for the leaders of several businesses and organizations worldwide.

It is, therefore, natural to start thinking about what the next year might bring in terms of cybersecurity trends and predictions, and help inform decisions on information security strategies and budgets.

Here are my top 10 cybersecurity trends and predictions for 2023:

Ransomware Attacks

Ransomware attacks, in which hackers encrypt a victim’s data and demand payment to decrypt it, have been a major problem in recent years. These attacks are likely to continue in 2023, as hackers find new ways to target businesses, organizations and individuals across different spectrums in different societies and cultures.

Remote Work Security

The shift towards remote work, accelerated by the COVID-19 pandemic, has created an increased need for secure remote access solutions. The nature of remote work is changing and more organizations are adopting policies and environments that allow their employees to carry out their respective tasks remotely more effectively.

In 2023, we can expect to see a continued focus on this area, as organizations look for ways to protect their networks and data while employees are working remotely.

Further developments in this area include the adoption of virtual private networks (VPNs) and other secure remote access technologies, as well as the implementation of strong authentication protocols and the use of multi-factor authentication.

Another major trend in this space is something known as Decentralized Security; a comprehensive network of proactive and reactive defenses with built-in machine learning features that monitor endpoints, identities, and access regardless of who the users are, what they do, or wherever they may be connected from.

Supply Chain Attacks

Supply chain attacks involve compromising the security of a third-party vendor or supplier to gain access to an organization’s systems or data. These attacks can be difficult to detect and prevent because they usually do not involve any direct interaction with the target organization.

Organizations can establish steps to mitigate against such attacks including implementing secure supply chain practices, conducting thorough random checks on their suppliers, and implementing incident response plans.

A recent policy statement published by the Bank of England outlines regulations that affect financial institutions regarding outsourcing and third-party risk management.

New Technologies & More Attack Vectors

As new technologies emerge, they will also bring new attack vectors for hackers to exploit. In 2023, we may see an increase in attacks targeting the internet of things (IoT), as well as attacks targeting emerging technologies such as 5G networks and quantum computers.

Artificial Intelligence and Machine Learning

Artificial intelligence (AI) and Machine Learning (ML) have already started to play a significant role in cybersecurity, and this is likely to continue in 2023. These technologies can be used to analyze large amounts of data and identify patterns and anomalies that might indicate a security threat.

One example of this is the use of AI and machine learning to analyze log data and identify unusual activity that might indicate a cyberattack. This can help organizations respond more quickly to threats and minimize the damage caused by an attack.

Regulation and Compliance Requirements

As cybersecurity threats continue to evolve and become more sophisticated, we are likely to see increased regulation and compliance requirements in the coming year. This may include new laws and regulations that require organizations to implement certain security measures, as well as increased penalties for organizations that fail to meet these requirements.

Last year, I wrote an article about the Digital Operational Resilience Act (DORA) regulation proposed by
the European Union (EU).

With DORA, the EU aims to harmonize and improve risk management and operational resilience within the financial sector across the region by addressing many of the issues that concern leadership, governance, and continued operations through a severe operations disruption as well as establishing an oversight framework for managing ICT critical third-party providers (CTPPs).

The Council of the European Union (i.e., EU Council) recently adopted DORA as policy across the region.

Evolution of Cyber Threats

Cyber threats are constantly evolving, and we can expect to see new types of attacks and tactics in 2023. As hackers become more sophisticated, they will continue to find new ways to target organizations and individuals.

To protect against these evolving threats, it will be important for organizations to stay informed about the latest developments in cybersecurity and to implement effective security measures. This may involve investing in new technologies and training employees to recognize and respond to potential threats.

Cloud Security Solutions

The use of cloud-based security solutions is likely to increase in 2023, as organizations look for ways to protect their data and systems in the cloud. This may include the use of Cloud Access Security Broker (CASB) services and other cloud security technologies.

Zero-Trust Security Models

Zero-trust security models, which assume that all users and devices are untrusted until proven otherwise, are likely to become more popular in 2023. These models can help organizations protect against insider threats and ensure that their networks and systems are secure.

We can expect more security products and services to be compliant with zero-trust models, satisfying all seven tents of the NIST 800-207 model on zero-trust, as an example.

Data Privacy and Protection

As more data is collected and stored online, the protection of personal and sensitive information will continue to be a major concern in 2023. Organizations will need to implement strong data privacy measures to ensure that they comply with applicable laws and regulations as well as protect against data breaches.

“How do we effectively protect our consumers’ information from unauthorized access, use, and abuse?” This is just one of many pertinent questions that information security and risk leaders must anticipate for the future and plan accordingly.

Cybersecurity Insurance

According to a recent report, the global cybersecurity insurance market size is expected to reach US$32.6 billion by 2028.

As the risks of cyberattacks continue to grow, we can expect to see an increase in the use of cybersecurity insurance in 2023. This type of insurance can helps organizations protect against the financial impacts of a cyberattack and ensure that they have the resources to recover from an incident.

We’re falling into this old habit of trying to treat everything the same as we did in the past… This simply cannot continue. We need to make sure that we are evolving our thinking, our philosophy, our program, and our architecture.

— Sam Olyaei, Gartner Analyst

In conclusion, 2023 is likely to see an increase in supply chain attacks, state-sponsored cyberattacks, a continued focus on the security of remote work, the emergence of new technologies and attack vectors, and the growth of ransomware attacks. However, it will also be a year for some organizations to derive benefits from their investments, preparedness, and innovations in information security and regulatory compliance best practices.

Why Cyber Kill Chain not Sufficient to Protect Your Organization

Why The Cyber Kill Chain Is Not Sufficient to Effectively Protect Your Organization

, , , , , , , , , , , , , , , ,

An epochal shift during the 21st century has led us to enter a new era of technological advancements, where cyber security has become vital in keeping an organization and business secure.

The rise of computers, telecommunications and the internet had opened the doors for cyberterrorism. Cyberattacks had become so rampant that they started to become a threat to the economy. Cybercriminals and hackers have also evolved their digital skills in stealing and destroying other businesses by breaching information security.

Having an effective security system to protect your organization is your best defense against cybersecurity threats. It does not only protect your business but your consumers and employees as well.

Investing in an efficient cybersecurity plan promotes risk management for monetary and reputational damage and ensures data integrity and confidentiality within your organization.

Ignoring cybersecurity is a grieve and an expensive mistake to make. Though it may not eliminate the risk of cyberattacks, a layered security approach can withstand cyber intrusion and assaults.

Lockheed Martin Cyber Kill Chain Framework

The Cyber Kill Chain is a stage-based framework (or methodology, if you like) originally developed by Lockheed Martin which traces the stages of cyberattacks. An adaptation of an established military defense operation, it is a part of their Intelligence Driven Defense Model that identifies vulnerabilities and prevent cyber intrusion activities.

This framework is named “Kill Chain” as it was adapted from a military term related to an attack’s structure. By stopping the attacker at any stage during the assault can break the chain of attack! The adversary must completely advance through all the stages to succeed. Each stage of intrusion will give us the chance to know more about the attacker and use their tenacity as our leverage.

The Kill Chain Framework works in 7 stages:

  1. Reconnaissance – The step where the targets are identified. Adversaries plans and research their target organizations. These intruders will use automated scanners to find weak points in the system. They could scan firewalls to create a point of entry in the system. Detecting the intruders during reconnaissance could be challenging, but it could help reveal the attackers’ criminal intents.

  2. Weaponization – The adversaries start staging their operation. After finding security vulnerabilities in the system, these attackers will develop malware. If their target is document-based, they produce a “decoy” file to present to the victim. They weaponize malware based on the attack’s intention. This is also the stage where adversaries could find ways to reduce their chances of being detected. The defender will not detect weaponization as it happens, but they can figure out the intent by investigating malware artifacts.

  3. Delivery – The adversaries start to launch their operations. The attackers will start sending the malware to the defenders. They will deliver the weapon through email phishing or a removable/portable device. This is a vital stage for the defenders. Blocking the operation should be prioritized at this point. This can be done if the delivery medium is analyzed or targeted servers are detected.

  4. Exploitation – Advancing to this stage is when the attackers start to gain access to their victims. The malicious malware was delivered and breached the secured parameter. Opening a phishing email attachment or clicking on a malicious link has triggered the “zero-day”, a phrase that refers to the exploit code. At this rate, custom capabilities are crucial to stop zero-day exploits. But traditional hardening measures could also help in adding resiliency to the security.

  5. Installation – The hacker, had already established a beachhead at the victim. The malware has installed a backdoor that will serve as a point of entry for the intruder. Some adversaries would ensure that the malware looks like a regular part of the installed operating system. In this stage, it is important to stop the attack by using systems such as the Host-Based Intrusion Prevention System (HIPS). It can alert or block common installation paths.

  6. Command and Control (C2) – The adversaries gain control of the system’s network. The malware has opened a channel of command to remotely manipulate the victim. They can gain access to secure and confidential accounts and could attempt damaging attacks. This stage is the defender’s last chance to block the attack. And this can be done by blocking the C2 channel. This will stop the adversaries from issuing a command to prevent further damage.

  7. Action on Objectives – The adversaries have reached their goals-the stage where the hackers have successfully extracted their needed data from the system. They gained the power to damage further, such as collecting user credentials, destroying the system, or overwriting and corrupting the data. The longer the hacker has access to CKC7, the greater the impact of the damage. This stage could be detected as soon as possible using forensic evidence and network packet capture.

cyber kill chain model

Key Elements of the Cyber Kill Chain:

The Cyber Kills chain was designed to assist companies in developing in-depth strategies for defense. By mapping out the steps that the hackers take to complete a cyberattack, organizations would be able to combat persistent cyber threats.

Since the Cyber Kill was derived from a military model, the main elements of this framework are established to identify adversaries, prepare for an attack, engage, and destroy a target. It can quickly identify and recognize social engineering, insider threats and innovative attacks.

Drawbacks of Kill Chain Framework

The Cyber kill chain is modelled to respond to pre-determined attack sequences. It has been universally adopted for cybersecurity. But like any other model, it is not perfect and has its fundamental flaws.

  1. The model assumes a perimeter focus defense where the main resistance is a firewall. It fails to cover other internal attacks and cyberattack vector paths.

  2. Cyber Kill Chain framework’s phase sequence cannot precisely block all attacks. Most of its phases can be easily bypassed.

  3. The framework only focuses on blocking an attack but fails to define what to do after the adversaries successfully breaches the system.

  4. Once the adversary was able to penetrate the victim’s system, the framework’s timing of the attack in every phase was inconsistent. Adversaries could easily stay dormant for a longer period while they wait for the opportunity to launch their final phase of attack without being detected.

Teams that say their cybersecurity is really good are the ones to worry about. After our breach, the most difficult issue was deciding when it was safe enough to come back online. I learned that really smart engineers can talk English, under extreme pressure.

— Dame Dido Harding, former CEO of TalkTalk

Other Frameworks with Similar Objectives Compared to the Cyber Kill Chain

MITRE ATT&CK vs Cyber Kill Chain

ATT&CK is an acronym that stands for Tactics, Techniques, and Common Knowledge.

The MITRE ATT&CK framework was designed based on observations in the real world. It reflects the different phases of an intruder’s attack lifecycle and the target platforms.

One could argue that there are Cyber Kill Chain and MITRE ATT&CK both share common views and understanding of cyberattacks i.e., most cyberattacks involve adversaries breaking into networks, avoiding getting detected, stealing as much data as they possibly can, interrupting as much network operations as they possibly can, getting out as quietly and stealthily as they got in, making hidden backdoor access available if they ever need to return, etc.

However, compared to Cyber Kill Chain, the Mitre ATT&CK framework maintains a matrix model that has more in-depth details on how the adversary will attack in each stage. Also, Cyber Kill Chain fail to factor in the different techniques and tactics of a cloud-native attack.

The Cyber Kill assumes that the attackers will deliver malware to a target environment but ATT&CK assumes that the adversaries may very well change their goals/objectives mid-way through an attack especially when the success of the attack appears either easier or more difficult than they had initially planned.

Yes, one could argue that the MITRE ATT&CK framework uses Situational Crime Prevention (SCP) techniques, a set of techniques which assumes that the goals/objectives of most adversaries are not linear but influenced/informed by opportunities, constraints, limitations, resistance, and situations presented to them by their targets during the execution of attacks.

Google BeyondCorp vs Cyber Kill Chain

BeyondCorp is an implementation of a zero-trust security concept that creates a zero-trust network. Designed to provide end-to-end real-time protection and platform security. It has embedded data built into the Chrome browser to prevent malware infection from networks and provide phishing-resistant authentication.

Unlike the Cyber Kill Chain framework, Google BeyondCorp “shifts access control from the traditional network perimeter to individual devices”. Its zero-trust access approach users to securely work with untrusted networks even if they are not using a client-side VPN.

NIST Cyber Security Framework (NIST CSF)

The National Institute for Standards & Technology (NIST) Cyber Security Framework (CSF) provides a set of structured standards and measurements for cybersecurity. The framework sets out “standards, guidelines, and best practices to manage cybersecurity-related risks.”

But the downside of the framework is that its 5 categories/elements i.e., Protect, Identify, Detect, Respond and Recover; fail to directly outline how it can dissect a cyberattack incident. It also fails to supply analytic markers to test the detection.

Nevertheless, the descriptive (and not prescriptive) nature of the NIST CSF has made it seem “business-friendly” and therefore, made it possible for the framework to be adopted by businesses and organizations of all sizes and across several industries, particularly organizations in industries that are guided by regulary controls and compliance requirements where industry-uniqueness and specificities are considered important.

data breach

In conclusion, there is no one defense framework or set of techniques that could be considered all-in-one sufficient for all cybersecurity defense requirements.

In a previous article, I had looked at how the proposed Digital Operational Resilience Act (DORA) could impact businesses and organizations once ratified and signed into law.

Given the significant penalties that would be imposed for non-compliance with DORA directives, it is perhaps reasonable to envisage that DORA could eventually have similar, if not greater, impacts in both the UK and the EU region as did GDPR, albeit with very different objectives.

Whilst some of these defense techniques may excel in certain aspects of information security, many of them are complimentary to each other and bring different or much enriched strengths to the conversation.

 

coronavirus accelerates digital transformation

Crisis and Opportunity: How Coronavirus Accelerates Digital Transformation

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , 0

The global crisis brought on by the coronavirus (COVID-19) pandemic has profoundly affected (and still affecting) us in several ways; it’s claimed several lives around the world, affected our various ways of life, and has put several businesses and organisations at risk of going bust.

But, perhaps equally important, the COVID-19 crisis has significantly influenced the different ways we do business and interact with clients, customers, partners, and each other. It has brought about some long and rather hard decisions.

In several cases around the world, the crisis has suddenly upended how businesses and organisations do business. Several businesses and organisations have had to make very tough decisions regarding matters like close doors till further notice, which & how many employees to furlough, allow some employees to work from home, and digitally transform how to continue to delivering quality products and services to customers.

It turned out I was wrong [about investing in American, Delta, United, and Southwest]… Our airline position was a mistake… The airline business, and I may be wrong, and I hope I’m wrong, changed in a very major way [due to the coronavirus global crisis],

— Warren Buffett, chairman and CEO of Berkshire Hathaway

When Warren Buffett, the fourth-wealthiest person in the world, dumps his entire stake in the airline industry, what do you make of that? Perhaps very significant change is yet upon us due to the coronavirus crisis?

warren buffett

It still remains unclear how long the widespread effects of the COVID-19 crisis will last. But one thing we all seem to agree on is that the COVID-19 crisis will most certainly have severe impacts on several businesses and organisations for some years to come.

Necessity? What necessity?

The extraordinary lockdown measures put in place in several countries by their respective national governments, in efforts to combat the pandemic, meant that schools were closed, live events were cancelled, large gatherings in public places were stopped, commercial flights were cancelled, several offices and workplaces were shut.

Invariably, therefore, it has become imperative and necessary that many businesses and organisations; however ill-prepared they were for the crisis; have had to allow their employees to work from home, using whatever technology devices, tools, and networks are available to them, in order to continue business operations as much and as effectively as is possible.

Remote working (i.e. teleworking) and digital living have become the new norm, and are nearly most certainly here to stay. These disruptions are likely to have lasting effects on how we do business and how we learn, well after the crisis is over and things return to the new normal.

The [coronavirus] outbreak will accelerate digital revolution… Businesses that were probably hesitant to move forward on digital because things were going reasonably well and they didn’t really want to disrupt things, that’s now out of the window.

A well-executed digital transformation would help your business or organisation adapt quickly, better, and more effectively. It would make the transition smoother, more effective, more enjoyable, and more rewarding.

Yes, it appears that the COVID-19 crisis may have repositioned digital transformation programs and efforts as top priorities for businesses and organisations that want to thrive post-coronavirus pandemic.

Establishing governance and priorities for digital transformation

Despite all great efforts and intents, several digital transformation programs still fail. Some of the biggest digital transformation disaster stories in the world include stories of GE, Ford and P&G, which were reported to have collectively wasted US$900 billion on failed digital transformation initiatives.

Perhaps, the biggest digital transformation disaster in the UK, so far, was the failed BBC Digital Media Initiative (DMI) transformation program that cost £100 million (about US$125 million).

The truth is, people aren’t the problem; it’s the organisation’s failure to communicate effectively with its people that sets them up for digital transformation trouble from the start.

This is why an effective digital transformation strategy must include; amongst several other key factors like effective communication, periodic business case review, and effective risk management; both an effective programme governance and an equally effective corporate governance.

digital transformation

On the priority front, as businesses gradually come out lockdown measures and seek out quick competitive edge and low-hanging apples, they would most likely favour “viable and promising” small changes – that will improve efficiency and offer effective business continuity – over larger and overreaching programs take the backburner.

Digital [transformation] is very iterative; there is nothing right first time, right first time does not exist. It’s learning-driven, you do something, you learn and then you refine and do it again.

Then there is a plethora of security concerns and risks to identify, assess, mitigate against, and/or manage as ongoing concerns.

Such security concerns include cybersecurity, information security, safety and integrity of corporate laptops and mobiles devices issued to employees who regularly work remotely, the increasing costs of elastic cloud capacities and use of cloud Software as a Service (SaaS) products and services, and securing of corporate networks and communications between employees working remotely and clients, customers, and possibly other employees located elsewhere.

We are in uncertain times, but with the increase of remote working and a collaborative approach, companies are turning to digital channels and embracing the transformation.

In conclusion…

The COVID-19 global crisis has challenged and tested the strength, preparedness, and resilience of even the biggest and most successful businesses and organisations around the world.

There’s nearly most certainly a culture shift that’s expected to hit our corporate, economic, and social lifestyles when lockdown restrictions are eventually lifted and life gradually returns to the new normal.

The Chinese use two brush strokes to write the word ‘crisis.’ One brush stroke stands for danger; the other for opportunity. In a crisis, be aware of the danger but recognise the opportunity.

— John F. Kennedy

Terrible as it may sound, crises like the COVID-19 crisis nearly always seem to be the harbingers of some great opportunities for growth, expansion, and diversification. And at times like these, a well implemented digital transformation becomes a key-enabling factor and one of many keys that could help unlock the new frontier.

A successful digital transformation; just like an effective risk management; has to be an integral part of the culture and mantra at your business or organisation.

Lots of businesses and organisations seem to think of digital transformation as a program or a collection of projects. That’s a rather very poorly-informed perception.

Your corporate culture and values; which include your digital transformation initiatives; are not destinations but a continuously evolving and improving journey wherein each evolution is expected to deliver better outcomes and desired results.

lead organisation back after coronavirus pandemic

7 Effective Tips to Lead Your Organisation Back to Normal After Coronavirus

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , 0

There are some early signs across countries and regions around the world that the coronavirus (COVID-19) outbreak is perhaps coming under reasonable control.

The harshest of all lockdowns, imposed on the city of Wuhan in China; the centre of the global outbreak; have now been lifted by the Chinese government, allowing flights and train services in and out of the city.

In Germany, the national government has slowly and cautiously eased lockdown measures; allowing bookshops, florists, fashion stores, and some other small shops to reopen.

In the UK, the national government has indicated that there are possible chances that lockdown restrictions could be slowly and gradually relaxed starting mid-May.

In Sweden, the national government chose not to enforce lockdown. Instead, it adopted a strategy to advise Swedes to adopt reasonable social distancing practice. Swedes officials claim that COVID-19 infection in the country is stabilising; though the adopted strategy may have backfired as the country records its highest daily coronavirus death toll of 185 yesterday.

As the total number of COVID-19 cases generally starts to drop globally, the number of recoveries continues to rise, and the COVID-19 pandemic curve is flattening in several countries and regions, this would be a very good time for leaders to identify, assess, and make decisions on processes, procedures, resources, and actions that could help shape the future of their businesses and organisations in the post-coronavirus era and beyond.

After a crisis you need to get back to normal, and that can be tricky.

— Charlotte Insinger

I’d previously discussed tips on how to effectively lead your team, business, and organisation during the COVID-19 pandemic.

In this article, I thought it would be useful to discuss some tips on how to effectively lead your business or organisation after the COVID-19 crisis:

  1. Apply security patches & updates across your enterprise

    Several of your employees would have taken some business equipment home with them, so that they could continue to effectively and efficiently work from home during the lockdown.

    As people return to work, they bring their respective devices (laptops, mobile phones, tablets, and even virtual environments) back to work with them, and would simply connect these endpoints to your corporate network.

    This scenario could quite easily be the harbinger of a terrible nightmare for your business; a potentially critical risk that you’d need to effectively mitigate against.

    With a good enterprise-level patch manager, all devices and systems connected to your entire network can be scanned, missing security patches and updates detected (for applications and operating systems), and relevant/appropriate patches/updates applied accordingly, as defined in your policies.

    Strict compliance with your IT policies and procedures should be required here.

    But be very careful and thorough! A poorly configured patches or updates applied across your network could cause severe disruptions and possibly failures to your business operations.

  2. Stay connected to your stakeholders (not just shareholders)

    As I’d previously mentioned, one of the core competencies of a trusted leader during a crisis is building an atmosphere of trust and confidence. The same rule applies after a crisis.

    Often when you think you’re at the end of something, you’re at the beginning of something else.

    — Fred Rogers

    As we approach the tail-end of the Response Phase of the coronavirus crisis, now would be a good time to proactively kick-off planning activities and actions for the next phase – the Recovery Phase (and I dare say, the Building Phase?).

    Building strong and mutually-respected relationships with your suppliers, your employees, your investors, your clients, your distributors, and every person or entity within your cycle of business operations.

    Miscommunication is the root of a lot of trouble. You need someone who communicates well, and who also understands the issues.

    — Peter Wakkie

    Establish sound communication strategies for how to relay what your business plans to do next, how you plan to execute the plans, what objectives your plans aim to achieve, what/who you need to help make the plans successful, and when you need all these pieces to start coming together.

    You need to send forth relevant, appropriate and timely messages, and also be willing to listen and follow through with key conversations; keep communication and consultation channels open & active.

    Collaborate, co-operate, and communicate more often, with clarity and purpose.

    At a time like this, over-communicate is overrated!

  3. Have a Remote Work (i.e. telework) policy and procedures in place

    With lockdown measures in place in several countries and regions, a very large number of people were compelled to work from home, work remotely, or telework.

    It’s reasonable to say that such working practice was new to several businesses, and took many other businesses and organisations by surprise; without an established telework policy and procedures; or best practices; in place.

    Allowing employees to telework during the COVID-19 pandemic has been a learning point for lots of businesses and organisations. And the practice is here to stay.

    Therefore, establishing fitting telework policy and procedures; that are build on best practices and allow for increased job flexibility for your employees; should be on your to-do list.

  4. A Crisis Management Plan is not an Incident Response Plan

    There have been some quite heated debates amongst leaders on whether a crisis management plan is the same as an incident response plan.

    Yes, of course, a crisis is an incident. But an incident management plan is not necessarily a crisis management plan.

    One could argue that a crisis management plan is a seamless and well-blended combo of an incident management plan, a disaster recovery plan, a business continuity plan, and, to some extent, a risk management plan. But it’s certainly not one without the others.

    crisis management

    In several businesses and organisations, certain critical services; e.g. Finance services, IT services; are always expected (or assumed) to be available regardless of emergencies, crisis situations, or limited resources. This very objective forms a key part of the holistic plans (i.e. CM, IM, DR, BC, and RM plans).

    I’d say that it is best practice to have a crisis management plan in place; alongside the other important plans that support effective and smooth critical business operations.

    Perhaps you need to implement ISO-22301 Guidelines within your organisation?

    ISO 22301 is applicable to all organizations, regardless of size, industry or nature of business. It is also relevant to certification and regulatory bodies as it enables them to assess an organization’s ability to meet its legal or regulatory requirements.

    — International Organization for Standardization

  5. Leverage relevant and applicable Coronavirus Relief Scheme

    Several national and regional governments have established schemes to help businesses and organisations; of different sizes and in various sectors; survive the impact of the coronavirus outbreak.

    These schemes, or variations thereof, already exist in several countries including the US, the UK, Germany, France, and Canada.

    If you’re a small business; or if your business or organisation satisfies set-out criteria; it may be useful to leverage aids and assistance available under applicable scheme.

  6. Have a two-tier board system in place

    Does your business or organisation need a supervisory board?

    A supervisory board is made up of non-executive directors that work very closely with (and assist) the executive directors to help ensure key business objectives/policies are tracked from inception to execution, by providing timely and invaluable advice.

    Non-executive directors who don’t see the crisis coming; that is a crisis in itself.

    — Willem Stevens

    Both the executive board and the supervisory board form what’s called the two-tier board system. Of course, the executive board should always be in charge, and fully accountable for enterprise-level decisions and outcomes.

    If all goes well, the board and non-executive directors form a kind of one-tier board during a crisis situation, in which non-executive directors get different responsibilities…. This changes nothing in the role of a non-executive director as such; that will always be to give advice, to test and approve.

    — Charlotte Insinger

  7. Know your lemons from your oranges

    In the midst of all there is to do, it probably easy to inadvertently take your eyes off the ball, particularly, regarding quite a few other important matters like regulatory and compliance requirements, and increased malicious cyber activities that stem from the COVID-19 crisis.

    At times like these, matters such as these may not necessarily be on top of your to-do list.

    Getting your business back on winning ways with innovative and well-planned and executed strategies is very important.

    But these matters should certainly be somewhere on your priority list, because they are important and could quite easily make situations worse if and when they ever go wrong.

    know lemons from oranges

Right now, lockdown measures in your location may have been lifted, are about to be lifted, or not even planned to be lifted very soon.

But the fact remains that these measures will eventually be lifted, and life would gradually return to normal.

So, at the end, all businesses and organisations must be ready for the imminent change.

And, with the right set of plans and actions, you and your team can be confident that you’re all prepared and setup for success in the new order.

Our research shows that three of the four qualities of a great business leader are largely intuitive: (1) sets vision and strategy; (2) drives growth; and (3) displays financial acumen. The fourth is managing crises. [This fourth quality] is underappreciated, overlooked, and often not even one of the top requirements – until a crisis hits.

Are there some other insightful and important tips you’d like to add? Share your thoughts and views.

Stay safe. Stay productive. Lead your team from the front. Lead your team to the next phase.

lead your organisation during covid-19

Top Tips to Organise and Lead Your Organisation During Coronavirus Pandemic

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , 0

Coronavirus; COVID-19; has continued its spread to several nations around the world, severely impacting the worldwide population and global economic activities.

In recent weeks and months, as the COVID-19 pandemic continues to spread, several businesses, organisations, national governments, and government agencies all over the world have had to introduce extraordinary and stringent measures to help control and limit the spread of the disease.

Recent news and stats show that the United States is now the epicentre of the COVID-19 pandemic, as the US surpasses China and Italy with over 100,000 reported cases and over 1,700 deaths (as at 28/Mar/2020).

In a previous article, I listed some of these measures and guidance, and discussed 8 key ways that businesses and organisation could manage disruptions caused by the coronavirus outbreak.

Yesterday, here in the UK, it was announced that the Prime Minister, Boris Johnson, and the Health Secretary, Matt Hancock, have both tested positive for the coronavirus.

Also, the nation’s Chief Medical Officer, Prof Chris Whitty, is self-isolating after showing symptoms compatible with Covid-19.

You’d agree with me that remotely leading a project team of a few people is arguably challenging enough, and requires resourcefulness, tenacity, and leadership qualities.

And doing so in these rather disruptive times is even more challenging.

But I’ll reasonably argue that such challenges aren’t as enormous as the challenges faced by leaders of businesses, organisations, and nations at all levels; people who are inherently required to demonstrate sound leadership qualities and preparedness in the face of critical crisis like the COVID-19 pandemic.

This set of challenges appear surreal and, perhaps, somewhat overwhelming. But, like every other challenge out there, these challenges are eventually manageable and conquerable.

In this article, I share my thoughts, suggestions and tips on key ways that leaders can effectively organise and lead their businesses and organisations during these unprecedented times:

  1. Make sure you have the right sets of IT tools & kits required for the job

    Your collective abilities to effectively communicate and have virtual meetings depend largely on the state and effectiveness of whatever technologies, tools, and systems you have available to you.

    “Your collective abilities” as used here refers to the abilities of your entire team, and not just you as the leader.

    So, perhaps, a good starting point would be to assess and review the state of your IT assets (at work and at home), get a detailed overview of what is available to each member of your team, and make purchases or hire as and where deemed necessary.

  2. Get everything started right now

    Raising purchase orders or material requisition requests where applicable, and getting these fulfilled do take time.

    And, with several employees already working from home or not physically present in your business locations due to national or regional restrictions on travels, chances are the lead time required to meet these requests could be more.

    Getting people connected is generally considered not too difficult, given the types and the top levels of technologies and tools available today for online virtual collaboration and teamwork.

    But getting remotely connected people to be considered collectively productive and efficient takes some reasonable amount of time, patience, perseverance, tenacity, and efforts.

  3. Increase your engagement & (virtual) presence

    In crisis times, like we have now, more frequent regular productive meetings of senior management and leadership help establish effective crisis management as well as pull together key measurable objectives set out by the leadership team.

    So much of what some of your employees are dealing with are invisible. As a leader, especially in crisis times, you need to be as transparent as possible, and lead from the front, with a touch of empathy and sound reasoning.

    Nothing in life is to be feared, it is only to be understood. Now is the time to understand more, so that we may fear less.

    — Marie Curie

    Yes, each meeting should be short, usually no longer than 30-45 minutes but packed with clear measurable tactical and strategic objectives that can be tracked and used as sound basis for insightful reporting.

    As a trusted leader, your presence (or perceived presence) during meetings allows a calm atmosphere, and encourages your colleagues and team members to focus, involved, and participate in discussions.

  4. Recognise you’re human too

    It’s very good and noble to be present and available to your team and people that depend on you too get their respective jobs done.

    However, please do remember you are still human, and can only do so much.

    You may have family members that need you as well; particularly young children that wholly depend on you for your existence and wellbeing.

    At a time like this, almost everything will appear stressful and somewhat overwhelming.

    Remember, it’s okay not to be okay sometimes, even as a leader.

    If you aren’t feeling too well on a particular day or at a particular time of the day, don’t pretend that everything’s okay because the quality of your deliverables will suffer; and some members of your team will find out, sooner or later.

    As rightly captured by Carley Sime, “Leadership vulnerability is about sharing what’s appropriate in the workplace and having some boundaries around what is helpful and apt and what isn’t.”

    Leadership vulnerability isn’t about pretending to be a superman (or superwoman), a fictitious person without any limitations or personal challenges.

    Remember to always keep it real!

    Take good care of your own physical and mental wellbeing.

    Vulnerability sometimes seems out of place when dropped into the work sphere but it really is powerful stuff. Vulnerability, as a resource in leadership and within the workplace, can impact the entire culture and creativity of a team.

    — Carley Sime

    Take the time and efforts necessary to find that fine balance necessary for you to care for your physical health, your mental health, your emotional health, your direct family member, your work team, and finally, for you to take care of your responsibilities and commitments at work.

  5. Slap the table only when you are informed enough to do so

    Metaphorically and in many cultures, “slap the table” expression is generally used to demonstrate emotions (usually anger or frustration), to express objection to a statement or claim made by a speaker, or to emphasise a key point expressed in one’s speech.

    Also, the expression is generally used, particularly in military vocabulary, to convey closure, decisiveness, and accountability on a subject that has been extensively and sometimes tirelessly debated in a group discussion without end.

    The expression seemingly demonstrates that the leader has decided upon themselves to make the final decision on the subject, that the leader is accountable for the decision so taken, that the final decision taken is binding on everyone in attendance at the meeting, and, more importantly, that the decision is collectively understood and everyone is expected to align to the common decision on the subject discussed.

    Often when you think you’re at the end of something, you’re at the beginning of something else.

    — Fred Rogers

    From time to time, particularly during leadership meetings, you will need to slap the table; believe me, it’s inevitable and it comes with the territory.

    But, as a good leader, you shouldn’t be in a haste to slap the table and you shouldn’t do that too often either.

    As a good leader, you should always endeavour to be effective in your decision-making process – be all-inclusive, ensure clarity of purpose, identity points of misconstruing or misrepresentation of collective decisions and plans of action.

leade your organisation from the front

Lead from the front. Lead with clarity and defined purpose.

Ensure that you’re always communicating with your team.

Ensure that you practice and encourage an effective decision-making and all-inclusive process within your business and organisation, particularly within your leadership team.

At a time like this, over-communicate is overrated!

Stay safe. Stay productive. Lead your team from the front.

Back To Top
Management Wire

ManagementWire © 2015-2023. All rights reserved.

Terms of Use

Privacy Policy

Cookie Policy

Contact