ISACA: Cybersecurity teams facing big remote support challenges

Cybersecurity attacks rising during COVID-19, but only half of organisations contacted say their Cyber teams are actually on top of the issues yet

Posted 5 May 2020 by Gary Flood

Only 51% of technology professionals and leaders report they’re “highly confident” their Cybersecurity teams are ready to detect and respond to the rising cybersecurity attacks during COVID-19.

(c) Shutterstock

That’s according to new research by global standards and certification association ISACA, which also found that a very worrying 59% are confident their Cyber teams have “the necessary tools and resources at home to perform their job effectively”. 

This could presents real trouble, says the body – as no less than 58% of respondents say threat actors are taking advantage of the Pandemic to disrupt organisations. A scarily high 92% say cyberattacks on individuals are increasing. 

ISACA, which regulates things like COBIT, also found that even though 80% of the members who responded to the survey share Cyber risk best practices for working at home as shelter in place orders began, 87% of respondents still say the rapid transition to remote work “has increased data protection and privacy risk”. 

“Organisations are rapidly and aggressively moving toward new ways of doing business during this time, which is a very positive thing,” notes the membership group’s CEO, David Samuelson.

“But it can also lead to making compromises that can leave them vulnerable to threats.

“A surge in the number of remote workers means there is a greater attack surface. Remote work is critically important right now, so security has to be at the forefront along with employee education. ISACA professionals have an especially critical role to play in protecting their enterprises, customers and stakeholders during this pandemic.” 

ISACA surveyed more than 3,700 IT audit, risk, governance and cybersecurity professionals from 123 countries in the middle of last month to assess the impact of COVID-19 on their organisations and their own jobs. 

Most of these professionals believe their jobs are safe, though 10% think a job loss is likely and 1% have been furloughed.

However, while their own positions are stable, respondents are still extremely concerned about these wider impacts of the novel coronavirus: 

  • Economic impact on my national economy (49%) 
  • Health of family and friends (44%) 
  • Personal health (30%) 
  • Economic impact on my organisation (24%). 

While respondents report being highly satisfied with their organization’s internal communications, business continuity plans and executive leadership related to COVID-19, their organizations have not been able to avoid the negative effects, including:

  1. Decreased revenues/sales (46%)
  2. Reduced overall productivity (37%—more executives than practitioners think this is the case)
  3. Reduced budgets (32%)
  4. Supply chain problems (22%)
  5. Closed business operations (19%).

Reassuringly, though, the majority of respondents expect normal business operations to resume by Q3 2020.

“It’s hard to predict what ‘normal’ will look like in the short term,” cautions the group’s Chief Technology Officer, Simona Rollinson.

“What we do know is that tech professionals, including the IT audit, risk, governance and security professionals in our community, are more necessary than ever to their enterprises, and they are well-positioned to adapt and even thrive, regardless of what changes may be in store.” 

For more information on the study, visit www.isaca.org/covid19study

ISACA’s COVID-19 resource centre, which contains resources on business continuity, secure remote work and virtual learning, is also available here.