Editorial

(ISC)²: Cybersecurity professionals are being ‘repurposed’ by the Pandemic

The world’s largest non-profit association of certified Cyber professionals presents a snapshot of the issues and challenges practitioners may be facing during these unprecedented times

Posted 29 April 2020 by Gary Flood


Global Cyber professional membership group (ISC)² has just released the findings of a quick healthcheck about what Cybersecurity professionals’ work situations have been looking like during the first several weeks of the COVID-19 pandemic.

What it found: 81% of the 256 respondents, all of whom are responsible for securing their organisations’ digital assets, say their job function has changed during the current Pandemic – 90% are now working remotely full-time.

Other reports from the Cybersecurity frontline include:

  • 96% of respondents’ organisations have closed their physical work environments and moved to remote work-from-home policies for employees; nearly half (47%) said this was the case for all employees, while 49% indicated that at least some employees are working remotely
  • 23% said cybersecurity incidents experienced by their organisation have increased since transitioning to remote work – with some tracking as many as double the number of incidents
  • 81% of respondents said their organisations view security as an essential function at this time
  • 47% of respondents said they have been taken off some or all of their typical security duties to assist with other IT-related tasks, such as equipping a mobile workforce
  • 15% of respondents indicated their information security teams do not have the resources they need to support a remote workforce, while another 34% said they do, but only for the time being
  • 41% said their organisations are utilising best practices to secure their remote workforce, while another 50% agreed, but admitted they could be doing more
  • Almost one-third (32%) of respondents were aware of someone in their organisation who has contracted COVID-19

“Many of their organisations began to shift their employee bases and operations to remote work setups in March and April,” pointed out Wesley Simpson, the membership organisation’s COO.

Acknowledging this isn’t an “in-depth” study of the situation, the group, which claims to be the world’s largest non-profit association of certified Cyber professionals, says its results still provide a current snapshot of the issues and challenges practitioners may be facing during “this unprecedented time”.

A lack of hardware to support a larger number of remote workers, the struggle between organisational priorities for quick deployment of remote technology and the commensurate level of security to protect systems, and helping end users understand and abide by security policies outside the office were all also identified as issues for the sector.  

One respondent commented, “Security at this point is a best effort scenario. Speed has become the primary decision-making factor. This has led to more than a few conversations about how doing it insecurely will result in a worse situation than not doing it at all.” 

Another concern: crime. One respondent summed up the factors that have contributed to an opportune situation for cybercriminals: “COVID-19 hit us with all the necessary ingredients to fuel cybercrime: 100% work from home [WFH] before most organisations were really ready, chaos caused by technical issues plaguing workers not used to WFH, panic and desire to ‘know more’ and temptation to visit unverified websites in search of up-to-the-minute information, remote workforce technology supported by vendors driven by ‘new feature time to market’ and NOT security, employees taking over responsibilities for COVID-19 affected co-workers (unfamiliarity with process), and uncertainty regarding unexpected communication supposedly coming from their employers.” 

At the same time, some members say the Pandemic could be an opportunity for future process improvement: “With a majority of the workforce staying home we will all need to rethink our policies and the compromises we are willing to make… People seem to be thinking more about security when they are working remotely, which is a good thing… Employers now face the prospect of doing what they should have done long before: enact contingency plans for large-scale remote work due to natural or man-made disasters. Enabling remote work also has the benefit of appealing to potential employees when recruitment is a concern.” 


Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. For more information on (ISC)², visit www.isc2.org, follow it on Twitter or connect with the group on Facebook and LinkedIn.