Industry study indicates that nearly half of security pros have been taken off some of their regular duties due to Covid-19

Cybersecurity professionals are being sidetracked by coronavirus home working drive

Senior cybersecurity professionals have been diverted from their usual duties to support their employer’s migration to a home-based workforce amid a threat landscape darkened by Covid-19, a study has suggested.

Some 47% of respondents to the (ISC)2 Covid-19 Cybersecurity Pulse Survey, published today (April 28), said they had been taken off some or all of their regular security-related duties to help equip a mobile workforce, among other IT-related tasks.

A far greater proportion still of (ISC)² members polled – 81% – said their job function had changed to some degree during the pandemic.

(ISC)², the 150,000-member association of certified cybersecurity professionals, found that 23% of respondents had tracked an uptick in cybersecurity incidents – doubling in some cases – as the world’s office-based workforce transitioned beyond the conventional network security perimeter.

An overwhelming majority said their employers (96%) had at least some of their workforce working from home, with 90% of respondents themselves now working remotely full-time.

Other findings from the online survey, completed during April by 256 professionals with responsibilities for securing their organizations’ digital assets, included:

  • 81% thought their organizations viewed security as an essential function during the pandemic
  • 15% lacked the resources needed to support a secure remote workforce
  • 41% said their employers are followed best practices to secure their remote workforce, while another 50% agreed with the caveat that they could be doing more

“Security at this point is a best effort scenario,” said one respondent. “Speed has become the primary decision-making factor.”

Another said Covid-19 has “hit us with all the necessary ingredients to fuel cybercrime: 100% work from home before most organizations were really ready,” as well as “technical issues […] plaguing workers not used to [working from home],” and the “temptation to visit unverified websites.”

Others saw the crisis as an opportunity to rethink “the compromises we are willing to make” and to “enact contingency plans for large-scale remote work due to natural or man-made disasters.”

Coronavirus snapshot

While “not an in-depth study”, the survey “does provide a current snapshot of the issues and challenges our members may be facing during this unprecedented time,” said Wesley Simpson, COO of (ISC)2.

Speaking to The Daily Swig, he added: “Organizations all around the world are navigating the current situation by trying to find a balance between making their systems easily accessible to remote employees and making sure that access is as secure as possible.

“It often falls on cybersecurity professionals to determine how to make both happen simultaneously.”

RELATED Coronavirus: How to work from home securely during a period of isolation

Similar research published today by the Neustar International Security Council (NISC) found that the rush to remote working had caused at least moderate disruption to network security for 64% of cybersecurity professionals, and major disruption to another 23%.

(ISC)2, which is perhaps best known for its CISSP certification, was well prepared for lockdowns and stay-at-home orders, since its workforce was already partially working remotely.

“Training and education continue to be offered online using a mixture of instructor-led online classes, as well as our long-established online self-paced learning, which uses pre-recorded sessions and modules that individuals can work through on their own schedule,” the association’s Deshini Newman told The Daily Swig last month.

A panel of cybersecurity executives will discuss the (ISC)2 survey findings during a webinar at 13:00 EDT (17:00 UTC) today.

RECOMMENDED How to become a CISO – Your guide to climbing to the top of the enterprise security ladder