The Human Strategy is the Best Cyber Defense to Combat COVID-19

The pandemic has highlighted the critical need to cultivate the workforce to ensure there are highly skilled professionals to meet the new demands

COVID-19 has impacted every facet of life and business. Millions of people around the world have been working from home to collectively slow the spread of the coronavirus. However, as the global workforce migrates from physical corporate locations to less-secure home offices, this new reality creates increased cyber threats, as employees exchange what can be sensitive data in order to prevent business operations from coming to a standstill.

This tectonic shift in our daily way of life has made it easier for malicious hackers to exploit and target remote workforces, the tools we use daily for communications and even our critical infrastructure - exposing weaknesses in our cyber defense strategies. At Siemens alone, an average of 130,000 employees all over the world have been connecting to the company’s intranet from home since mid-March – nearly four times more than usual.

It’s certain that our way of life and work will dramatically change even past COVID-19, and it’s likely that many organizations will adjust their remote working policies, both in response to global realities but to also remain competitively attractive to recruit the right quality of staff.

Before the pandemic, recruiting for cyber jobs was a critical challenge for many companies. Fast-forward to where we are now and the need for a highly-skilled cyber workforce is even more paramount.

By next year it’s estimated that there will be millions of unfilled cybersecurity jobs worldwide, with damage from cybercrime expected to cost trillions of dollars. While many predictive and preventative advances have been made in addressing cybersecurity issues through technology, we can’t solely depend on data and machine learning tools to guard against hackers trying to break into networks. We need people to make sense of the information.

To really tap into our best defenses, the human strategy – investing in these knowledge-based digital skills – is as vital as the R&D strategy and the technologies we use. While digital analytics might detect something strange, the human expert is essential to decide if there’s really a cybersecurity problem at hand or not. People will always be central to cybersecurity and will need organizational support and investment.

In recruiting for these vital roles, one of the most important points to get across is the “why” a cybersecurity career matters. Many still see cybersecurity as something that exists separate from the day-to-day business or the larger goals of an organization. But there’s far more work now being done in product design in partnership with engineers and project managers working with industry, cities, and infrastructure. And security is central to every business strategy.

This work is helping to shape the actual products and services that are being brought to the market. This position touches every aspect of the enterprise. Particularly for a young person entering business today, the opportunity to start somewhere in an organization and end up nearly anywhere is what cyber offers.

Cybersecurity skills are not only the gateway to a good-paying job and career, but they also offer people the chance to work on the frontlines of a major challenge that’s affecting millions of people and spanning industries, geographies, and backgrounds.

Companies can benefit from working alongside the public sector, especially the education system, to educate the people who may have a talent for this kind of work. At Siemens, we’ve been working with universities and also reaching out to the community college system. We are partnering with them to expand and create new cybersecurity programs to teach the skills that will be needed to secure manufacturing facilities and public services in the near future. Additionally, we’re looking to our partner ecosystem for those with the drive, curiosity and both hard and soft skills cyber increasingly needs.

For example, the Siemens Foundation last year provided the digital manufacturing institute MxD USA a $1.25 million, three-year grant to develop the first comprehensive workforce development strategy for cybersecurity in manufacturing, part of the institute’s broader MxD Learn initiative. Leveraging investments MxD USA utilizes grant funding to support a three-pronged approach to building a highly-skilled cybersecurity in manufacturing workforce - understanding the landscape of in-demand jobs and skills through a new jobs taxonomy; building high-quality high school and community college pathways into these careers; and building industry partnerships to support apprenticeships.

In a post-COVID world, our workforce will be dramatically different. So, as we emerge as a changed society and workforce, it is critical that we focus on meeting the needs of the challenges and priorities of today, by cultivating a highly-skilled cyber workforce, ready and able to secure a modern, remote and digital world.

History has shown that times of economic hardship and global challenges produce extraordinary technologies. However, as Barbara Humpton, CEO of Siemens USA has said, our technology is only as powerful as our people deploying and maintaining it.

Kurt John is Chief Cybersecurity Officer of Siemens USA, where he is responsible for the Cybersecurity strategy, governance and implementation for the company’s largest market - ~$23B in annual revenues. In this role Kurt oversees the coordination of Cybersecurity for Siemens’ products, solutions, services and infrastructure used to deliver value to the enterprise’s customers. Kurt is also member of the Siemens Cybersecurity Board (CSB) where he works alongside colleagues to set strategy, address global challenges, and evaluate actions for opportunities in the area of Cybersecurity.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.