Blog

Workforce Study: Reviewing Cybersecurity’s Pandemic Response

Dec 16, 2020

Comms-Workforce-Study-Cover In a year that presented so many challenges – a global pandemic, social unrest and an economic downturn – one success is worth noting: When cybersecurity professionals were called upon to secure remote environments in a hurry, they stepped up.

As many companies were forced to shift to a work-from-home model because of COVID-19 for most or all employees, cybersecurity teams went to work on securing both these newly created remote environments and existing corporate networks. Data from (ISC)²’s 2020 Cybersecurity Workforce Study shows respondents believe those efforts were largely successful.

Even though 30% of cybersecurity professionals had a deadline of one day or less to transition staff to remote work and secure their environments, 92% of study respondents say their organization was “somewhat” or “very” prepared to respond. Only 18% of respondents saw an increase in security incidents during this time.

“The response to COVID-19 by the community and their ability to help securely migrate entire organizational systems to remote work, almost overnight, has been an unprecedented success and a best-case scenario in a lot of ways,” said (ISC)² CEO Clar Rosso in a press release. “Cybersecurity professionals rose to the challenge and solidified their value to their organizations.”

Welcome Signs

The confidence expressed by cybersecurity workers in the workforce study is a welcome surprise, especially considering reports early in the pandemic that threat actors were stepping up attacks.

That the organizations represented in the study fared as well as they did – at least back in Q2 when the study was conducted – indicates a level of expertise and readiness among cybersecurity teams that wouldn’t have been as evident without the pandemic. Then again, it isn’t surprising that cybersecurity professionals can turn on a dime to respond to a crisis because that is a big part of the job even in the best of times. In fact, Juliette Kayyem, who delivered a keynote address at the virtual (ISC)² Security Congress 2020 in November, drew a parallel between cybersecurity and the pandemic response.

Another reasonable conclusion from the cybersecurity profession’s success in setting up remote environments is that organizations as a whole are doing a better than adequate job at selecting and training cybersecurity team members. So the message of the need for a strong cybersecurity posture appears to be getting through.

Concerns Remain

Still, there are some concerns regarding the pandemic’s effect on cybersecurity budgets. 54% of study respondents say they are concerned about a negative impact on personnel spending while 51% are concerned about technology spending.

Cybersecurity workers also worry about health and safety issues. Among those still working in an office environment, 78% say they are either “somewhat” or “very” concerned about their personal safety because of the virus.

Lastly, cybersecurity teams cannot rest on their laurels. Even though most organizations have fared well, the fact remains a lot of remote environments were set up in a hurry. And that means shortcuts were inevitable. As such, cybersecurity teams should be reviewing everything they did in implementing remote environments, measuring effectiveness, and taking steps to address any gaps. The pandemic isn’t over, and cybersecurity vigilance will remain a critical need as long as it lasts – and beyond.