Knowledge Hub - Murtada Ayad, Delinea

Partner Spotlight

Murtada Ayad,
VP-META
Delinea

When the Threat Landscape Gets Loud, Go Back to Basics: A CISO's Guide to Cyber Resilience Under Pressure

CISOs have never had an easy job, but right now the pressure is particularly acute. Regional tensions, service disruptions, and shifting working patterns are stress-testing business continuity in real time, and cybercriminals are moving fast to exploit chaos. The challenge is not purely technical — security leaders must safeguard systems and maintain resilience while managing their own stress along the way. But clarity, not alarm, is what this moment demands. The leaders who navigate disruption most effectively resist fearmongering and return to fundamentals.

Drawing from the Pandemic Playbook

The early months of 2020 delivered one of the largest real-world stress tests organisations have faced. As workforces shifted overnight, the traditional network perimeter evaporated. What followed was a shift toward identity-centric security — rethinking how access is granted, privileges managed, and suspicious activity detected. The lesson is simple: resilience now depends on identity, not location. Where employees work from anywhere and attackers can impersonate legitimate users, protecting identities is the single most important line of defence.

Identity Is the New Perimeter

Disruption creates ideal conditions for cybercriminals because people act quickly and verify less. Social engineering remains the most effective entry point, and the goal is usually the same: obtain valid credentials. Once attackers hold a legitimate identity, their activity can look indistinguishable from a real employee’s. Strong MFA is one of the most effective defences — the Microsoft Digital Defense Report finds it can block more than 99% of automated account compromise attacks. But MFA alone is not enough. Enforcing least-privilege access and replacing standing admin privileges with just-in-time access dramatically reduces the blast radius if an account is compromised. Most CISOs already have these capabilities within existing identity providers; the priority is configuring and using them consistently.

Quick Wins That Strengthen Defence

Employee awareness is a critical first layer. Trained professionals still make mistakes under pressure, especially when attackers exploit urgency. Reminders about brand impersonation, and about verifying official channels before sharing credentials, stop many attacks from gaining traction. Equally important is clear communication with leadership: boards need calm, evidence-based updates, not dramatic forecasts. Framing cybersecurity around operational resilience builds confidence when speculation can easily spiral.

The Quiet Strength of Getting the Basics Right

Disruption invites narrative, but most attacks still rely on the same core techniques: phishing, credential theft, privilege escalation, and lateral movement. What changes is not the method, but the intensity. The most effective response is also the least glamorous: recommit to the controls that move the needle. The fundamentals are not a fallback — they are the strategy.