IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

CISOs reveal secrets to pandemic success in critical organisations

The pandemic presented unique challenges for every business, but organisations tasked with delivering critical services may have worked the hardest

Security leaders at some of the world’s most critical organisations have revealed the inner workings of how they were able to get their staff to buy into a culture of security at a time when they needed to the most.

Chief information security officers (CISOs) at NHS Scotland, IMC Companies, and Israel Airports Authority, speaking at Check Point’s CPX 360 EMEA conference this week, told of the massive challenges they faced in suddenly shifting large workforces to a remote working basis.

NHS Scotland faced a huge number of difficulties as it introduced new initiatives and COVID-19-related innovations, and cyber security was naturally at the heart of the overhaul of its ways of working.

Information governance and data protection were at the forefront of the concerns, but the organisation also had to maintain trust with the public and other authorities when rolling out services such as track and trace.

But Scott Barnett, director of national security operations centre at NHS Scotland, said the pace of development in the Scottish health service has been “incredible” and it was a “necessary” response to the pandemic.

To effectively manage the innovations required to deliver public health services, Barnett placed a lot of effort on internally advertising his team’s security capabilities with developers tasked with creating new digital public health services.

He also said he wanted to ensure his security team wasn’t being seen as an unnecessary “blocker” to development, but helped the programmers at every stage of the development process.

“[Security was] absolutely crucial with the amount of scrutiny on the health service, that the reputation is protected,” he said. 

“Trust was a huge element throughout the pandemic, in terms of whether it's providing the capability to schedule, attend, and receive vaccines; whether it's for the booster programme that we've recently been involved in; or whether it's to enable people to take part in and contribute to our track and trace and our whole reporting of health data initiatives - all of which we brought digitally to the front door of our citizens in Scotland, over five million citizens provided by a 200,000-odd workforce.”

He went on to say “security is everyone’s accountability” and that he believes he has managed to accelerate that conversation within NHS Scotland - one of the main positives he draws from “what has been a horrific situation globally”.

An easier transition for some more than others

The situation was markedly easier for David Ulloa, CISO at IMC Companies, who was enjoying a Caribbean holiday with his family in March 2020 when he got a call from his chief information officer (CIO).

With distinct urgency in his voice, Ulloa said, the CIO asked if the company VPN was ready after realising that the majority of the international corporation’s staff would soon have to go remote.

Ulloa was unfazed as the company had fortunately finished setting up the necessary remote working infrastructure only a month prior to the onset of the pandemic.

Before that day in March 2020, just 2% of IMC’s workforce was remote but the COVID-19 pandemic eventually forced a total of 60% to move to home offices. He said this represented around 50 devices using the company VPN pre-COVID to more than 800 almost overnight. 

“Last year before that week, when we moved to remote, we were 2% remote,” said Ulloa. “By the peak of the pandemic, we were 60% remote - just like that. 

Related Resource

Why smart businesses view a data fabric as an inevitable approach to becoming data driven

Adopting a data-driven strategy for success

Whitepaper cover with title and grey square graphic, green top banner and Hurwitz logoFree Download

“Just imagine all the complexity that goes on in the background, but we didn't even feel it because we had the infrastructure to provide the service to our business units. And for us to make sure that they had what they needed to make business happen.”

It’s a shift in working conditions that IMC - the success of which saw the company double in size during the pandemic - would never have been experimented with had the pandemic not happened, Ulloa said.

Despite the “perfect timing” of events unravelling, as Ulloa put it, the company demonstrated great competence in its cyber security strategy, as it needed to be with corners of its business being a critical element in the supply chain.

Deploying services for a multinational company in the space of just a few months with minimal friction was a feat in itself, but Ulloa also spoke about the company’s efforts to document all the new services in an easily accessible way. 

It was this documentation, accessible through a simple QR code sent to employees, as well as the carefully chosen technology stack, that made the move to remote work so easy for everyone involved. 

An old issue with novel approaches

For the Israel Airports Authority, its CISO Roee Laufer said working from home was not a particularly worrying ‘vulnerability’ but the real challenge was shifting a large number of workers to remote work.

“I hear a lot of discussions around introducing new types of vulnerabilities [like] working from home etc. [but] I think it's it's not a matter of new vulnerabilities,” he said.

“I think for us it was more [a case] of dealing with the quantity, the rise in the numbers of resources using remote capabilities, rather than introducing new capabilities that weren't around before. So in that sense, I think that was the major difficulty.”

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download


Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021

Most Popular

Salaries for the least popular programming languages surge as much as 44%

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Swift exit: How the world cut off Russian banks

Swift exit: How the world cut off Russian banks

24 Jun 2022