Cybersecurity Pros are Being Reassigned to IT During COVID-19 Pandemic

April 29, 2020

Cybersecurity professionals, responsible for securing their organizations’ digital assets, are seeing their job function has changed during the coronavirus pandemic, new research shows. Ninety percent say they are now working remotely full-time.

An (ISC)²COVID-19 Cybersecurity Pulse Survey sheds light on the recent adjustments organizations have made to maintain their business operations and the impact on cybersecurity professionals. Findings include:

96% of respondents’ organizations have closed their physical work environments and moved to remote work-from-home policies for employees; nearly half (47%) said this was the case for all employees, while 49% indicated that at least some employees are working remotely
23% said cybersecurity incidents experienced by their organization have increased since transitioning to remote work – with some tracking as many as double the number of incidents
81% of respondents said their organizations view security as an essential function at this time
47% of respondents said they have been taken off some or all of their typical security duties to assist with other IT-related tasks, such as equipping a mobile workforce
15% of respondents indicated their information security teams do not have the resources they need to support a remote workforce, while another 34% said they do, but only for the time being
41% said their organizations are utilizing best practices to secure their remote workforce, while another 50% agreed, but admitted they could be doing more
Almost one-third (32%) of respondents were aware of someone in their organization who has contracted COVID-19

Challenges Facing Cybersecurity Professionals

The survey also asked respondents to share comments about the challenges they face during COVID-19. Some of the themes that came to light included a lack of hardware to support a larger number of remote workers, the struggle between organizational priorities for quick deployment of remote technology and the commensurate level of security to protect systems, and helping end users understand and abide by security policies outside the office.

One respondent commented, “Security at this point is a best effort scenario. Speed has become the primary decision-making factor. This has led to more than a few conversations about how doing it insecurely will result in a worse situation than not doing it at all.”

A Perfect Recipe for Cybercrime

One respondent summed up the factors that have contributed to an opportune situation for cybercriminals:

“COVID-19 hit us with all the necessary ingredients to fuel cybercrime: 100% work from home [WFH] before most organizations were really ready, chaos caused by technical issues plaguing workers not used to WFH, panic and desire to ‘know more’ and temptation to visit unverified websites in search of up-to-the-minute information, remote workforce technology supported by vendors driven by ‘new feature time to market’ and NOT security, employees taking over responsibilities for COVID-19 affected coworkers (unfamiliarity with process), and uncertainty regarding unexpected communication supposedly coming from their employers.”

Lessons Learned

Several respondents also viewed the pandemic as an opportunity for future process improvement, however, as the following comments illustrate:

“With a majority of the workforce staying home we all will need to rethink our policies and the compromises we are willing to make.”

“People seem to be thinking more about security when they are working remotely, which is a good thing.”

“Employers now face the prospect of doing what they should have done long before: enact contingency plans for large-scale remote work due to natural or man-made disasters. Enabling remote work also has the benefit of appealing to potential employees when recruitment is a concern.”

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Cybersecurity Pros are Being Reassigned to IT During COVID-19 Pandemic

Related Articles

Related Products

Related Events

Report Abusive Comment