Nearly 10 Million People Filed for Unemployment in the US: What Does It Mean for the Cybersecurity and IT Workforce?

The number of new people claiming unemployment benefits totaled a staggering 6.648 million last week — doubling the record set a week earlier, the Department of Labor said recently.

In addition, a revised 3.307 million initial claims were filed the prior week ending March 21, 2020.

The advance seasonally adjusted insured unemployment rate was 2.1 percent for the week ending March 21, an increase of 0.9 percentage point from the previous week's unrevised rate. This is the highest level for insured unemployment since July 6, 2013 when it was 3,079,000, says the Department of Labor.

The previous week's level was revised down by 19,000 from 1,803,000 to 1,784,000. The 4-week moving average was 2,053,500, an increase of 327,250 from the previous week's revised average. This is the highest level for this average since January 14, 2017 when it was 2,062,000. The previous week's average was revised down by 4,750 from 1,731,000 to 1,726,250.

labor - covid19

labor2 - covid19

Businesses have been forced to close as much of the country has been ordered to stay at home for at least several weeks to help fight the spread of the coronavirus. This has contributed to millions of people filing for unemployment and nearly every state reporting on claims cited the pandemic's broad impact. The Labor Department added, " States continued to identify increases related to the services industries broadly, again led by accommodation and food services. However, state comments indicated a wider impact across industries. Many states continued to cite the health care and social assistance, and manufacturing industries, while an increasing number of states identified the retail and wholesale trade and construction industries."

How does this impact the cybersecurity workforce? Security magazine spoke to many cybersecurity experts to get some insight.

Fausto Oliveira, Principal Security Architect at Acceptto, a Portland, Oregon-based provider of Continuous Behavioral Authentication: “Recently, I have seen a few people on social media announcing they have been laid off and that they are looking for new opportunities. I can’t say if that is happening due to coronavirus, or if it is business as usual, however, there has certainly been cost containment measures put in place around the world as companies tighten their spending in order to free up money to face the downturn in the market.

As companies layoff part of their workforce, the cybersecurity function may be impacted at a time when threat actors are increasingly using the current crisis to perform attacks. Losing cybersecurity and IT staff at this point in time increases the risk of a successful attack and may impair the ability of a company to sustain the large volume of remote workers.

MSSPs are certainly a good choice when the financial cost of the cybersecurity function exceeds what the company can afford. I imagine that if the current scenario of personnel working from home and layoffs remains in place, then we will see a surge in the usage of MSSPs to address security gaps and act as a virtual cybersecurity function.”

Timur Kovalev, chief technology officer at Untangle, a San Jose, Calif.-based provider of comprehensive network security for SMBs: “It will be dangerous if cybersecurity jobs are thought of a luxury, or a component that can be downsized when times get tough. The costs that could be incurred if a data breach occurs, or if systems are taken down because of malware or ransomware could easily put a small to medium sized company out of business for months, or forever.

It’s important for all concerned to understand that the risks of an attack are, especially now, during the COVID-19 crisis where attackers are looking for new ways to cause harm, and make profits with their malicious ways. There are more and more stories coming to light about healthcare facilities being targets of ransomware attacks and, in the United States, another malware attempt has come to light. Cybercriminals are targeting those who are expecting to receive federal financial relief and posing as Costco (SOURCE), falsifying "free" or promotional items available for purchase through SMS texting.

Cybersecurity and IT professionals are going to be crucial, essential positions during this time, especially as employee and business leaders are focused on weathering the crisis, and possibly missing the signs of an attack happening to them. MSSP’s will certainly find themselves playing a part in protecting against businesses over the COVID-19 crisis. If companies downsize any of their IT/Security/Networking staff, then outsourcing these functions to a trusted MSSP would be an alternative.”

Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber, information security and risk management: “The issue is not that there may be layoffs, it’s that there still aren’t enough skilled resources available in security today. Shortages in skills and capabilities are being revealed as major security incidents damage organizational performance and reputation. Building tomorrow’s security workforce is essential to address this challenge and deliver robust and long-term security for organizations in an age where we are seeing more and more remote workers.

One specific area that organizations need to deal with is the rise of the insider threat with so many disgruntled employees who have been furloughed, or let go, from their jobs. The trust organizations are placing in insiders has grown with advances in information technology, increasing information risk and changing work environments. This trend will continue as the volume of information insiders can access, store and transmit continues to soar – and mobile working for multiple employers become the status quo.”

Jack Mannino, CEO at nVisium, a Herndon, Virginia-based application security provider: “Companies who raised a significant amount of capital, while burning through piles of cash, have begun to reset their staffing levels. Over the past two weeks, we have seen a significant increase in resume submissions, indicating job seeking in security has ramped up as positions are eliminated.

The challenge for many organizations who believe they’ll survive this downturn is continuing to accomplish their security must-dos with significantly less resources. Relying on a pool of trusted security partners is critical, as niche skills or deep expertise may come from external sources when internal headcount is constrained.

Historically, companies have increased their security outsourcing in periods where it’s hard to justify increasing or maintaining internal head count. It’s important for security providers to understand that their goal is to help an organization maintain security continuity during this period, not to replace their teams long term.”

Chris Morales, head of security analytics at Vectra, a San Jose, Calif.-based provider of technology which applies AI to detect and hunt for cyber attackers: “The volume of jobs in cybersecurity and IT far exceeds the available people to do those jobs. The only employees I could imagine are losing their jobs are from companies that are in a very bad position right now and are laying off a large mass of personnel.

I have not heard of this happening at all in any trending way. If anything, I am finding that security analysts are working even more right now, not less. Cybersecurity and IT are seeing an upward trend and these staffers are a priority for organizations of all sizes in today’s remote work environment.”

Joseph Carson, chief security scientist and Advisory CISO at Thycotic, a Washington D.C. based provider of privileged access management (PAM) solutions: “Most those layoffs have been related to events and conferences which are hard hit right now with most events either being cancelled, postponed or converted into digital only. I have not heard of any impact to IT security professionals as most companies are heavily dependent on those professionals, enabling companies to continue to operate remotely. This has accelerated the largest digital transformation shift to remote working ever seen. With this shift, cybersecurity priority has increased significantly. Some contractors, however, have been impacted with reduced work. But I am optimistic that this will be temporary. Let’s face it, any company that is reducing IT security staff while transitioning to remote work are surely going to be at a higher risk of becoming a victim of cybercrime.”

How is the coronavirus pandemic affecting your security operations? Have you lost your job due to the pandemic? Or have you seen in increase in the need for cybersecurity and IT personnel during this time? We'd like to know. Email us at henriquezm@bnpmedia.com

*Images courtesy of the U.S. Department of Labor.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.