Certified cybersecurity professionals association (ISC) has released a survey of 256 cybersecurity professionals which shows many of them have found their jobs have changed during the pandemic with 90 percent of them indicating they are now working remotely full-time.
Wesley Simpson, COO of (ISC), said: “While this was certainly not an in-depth study of the situation, it does provide a current snapshot of the issues and challenges our members may be facing during this unprecedented time. Sharing this information helps our members and other professionals in the field understand the challenges their peers are facing, and hopefully realise they are not alone, even if many of them are feeling isolated as they adjust to working from home.”
The (ISC)2 COVID-19 Cybersecurity Pulse Survey’s findings shed light on the recent adjustments that organisations have made to maintain their business operations and the impact on cybersecurity professionals. Findings include:
• 96 percent of respondents’ organisations have closed their physical work environments and moved to remote work-from-home policies for employees; nearly half (47 percent) said this was the case for all employees, while 49 percent indicated that at least some employees are working remotely
• 23 percent said cybersecurity incidents experienced by their organisation have increased since transitioning to remote work – with some tracking as many as double the number of incidents
• 81 percent of respondents said their organisations view security as an essential function at this time
• 47 percent of respondents said they have been taken off some or all of their typical security duties to assist with other IT-related tasks, such as equipping a mobile workforce
• 15 percent of respondents indicated their information security teams do not have the resources they need to support a remote workforce, while another 34 percent said they do, but only for the time being
• 41 percent said their organisations are using best practices to secure their remote workforce, while another 50 percent agreed, but admitted they could be doing more
• Almost one-third of respondents were aware of someone in their organisation who has contracted COVID-19
The survey asked respondents to share comments about the challenges they face during COVID-19. Some of the themes that came to light included a lack of hardware to support a larger number of remote workers, the struggle between organisational priorities for quick deployment of remote technology and the commensurate level of security to protect systems, and helping end users understand and abide by security policies outside the office.
One respondent commented: “Security at this point is a best effort scenario. Speed has become the primary decision-making factor. This has led to more than a few conversations about how doing it insecurely will result in a worse situation than not doing it at all.”
One respondent summed up the factors that have contributed to an opportune situation for cybercriminals:
“COVID-19 hit us with all the necessary ingredients to fuel cybercrime: 100 percent work from home [WFH] before most organisations were really ready, chaos caused by technical issues plaguing workers not used to WFH, panic and desire to ‘know more’ and temptation to visit unverified websites in search of up-to-the-minute information, remote workforce technology supported by vendors driven by ‘new feature time to market’ and NOT security, employees taking over responsibilities for COVID-19 affected co-workers (unfamiliarity with process), and uncertainty regarding unexpected communication supposedly coming from their employers.”
Several respondents also viewed the pandemic as an opportunity for future process improvement, however, as the following comments illustrate:
“With a majority of the workforce staying home we will all need to rethink our policies and the compromises we are willing to make. People seem to be thinking more about security when they are working remotely, which is a good thing.
“Employers now face the prospect of doing what they should have done long before: enact contingency plans for large-scale remote work due to natural or man-made disasters. Enabling remote work also has the benefit of appealing to potential employees when recruitment is a concern.”