How the Cybersecurity Workforce is Adapting to COVID-19
This guest blog was contributed and authored by Bethea Joette.
There's no denying that the COVID-19 pandemic has had an adverse impact across the globe in all areas. But the one sector that is surprisingly also experiencing a seismic shift is the cybersecurity industry. With many companies and enterprises adopting a remote approach in an attempt to help flatten the curve, cybercrimes have been all the more rampant, testing existing security capabilities and pushing them to the limit. The situation has led to more companies relying on cybersecurity professionals to mitigate the growing problem. As a result, Ciso Mag highlighted the impact of COVID-19 on the global cybersecurity market, which is now expected to grow from $183.2 billion in 2019 to $230.0 billion by 2021. One key reason for this is that with more people working remotely, there has been an increasing possibility of breaches through personal devices and home networks. This is why the cybersecurity industry has had to adapt to the changing workforce. The promotion of zero-trust policies for companies
The zero-trust security model is nothing new, but as mentioned in What Security Looks Like in a Post-COVID World - Part 3, there might be faster adoption of the concept. A zero trust protocol is when a company maintains strict access controls and not giving anyone "trust," by default, including those who are in close proximity or inside the network perimeter. It is difficult to abide by this model especially in a work-from-home setup where employees are connected to untrusted networks, so cybersecurity professionals have had help businesses find solutions that are easier to deploy, maintain, and enforce. The move to more internal upskilling for cybersecurity protection
Instead of looking elsewhere for cybersecurity talent, more companies are starting to look internally to fill this role. Many organizations are realizing that they already have the talent they need on their payroll, and all it would take is to upskill their employees to fill the roles they need. That way, they have the added benefit of internally hiring people who are already familiar with business objectives, organizational culture, and institutional norms — factors that are crucial to employee retention and value creation. In order for this to work though, a company will need to become familiar with the areas of study that qualified cybersecurity professionals learn in order to teach their employees how to properly defend the business. While most universities teach offensive and defensive strategies, those who are employed in-house will only need to learn how to protect themselves and the company’s network and data. Case in point: Maryville University’s cybersecurity degree students are taught numerous defensive strategies that cover topics like security information, event management, and cloud security. Even a basic upskilling of these principles will go a long way and allow many companies to use their own employees rather than bringing in outside help. This will lead to more companies hiring qualified cybersecurity experts not in a defensive role, but in an educational position. Yet, with the number of attacks on the rise and more people working remotely due to the virus, it is likely that companies will still want to employ fulltime cybersecurity professionals. Creative problem solving and risk management
Security professionals are not just pigeonholed into their expertise at this point in time — they are being looked at as creative problem solvers and risk managers as well. Many cybersecurity professionals have to think outside the box and devise ways on how to educate regular employees who had to abruptly transition to working remotely as to how they can boost security at home. They’ve had to think on their feet and come up with a foolproof plan on getting employees to keep working on their regular work computers at home, all while ensuring that there are no loopholes in terms of security. In this manner, cybersecurity experts were able to figure out a game plan and abide by good practices all at the same time.
The ripple effects of COVID-19 will continue to reverberate through the coming months — maybe even years — and cybersecurity professionals must come to an understanding that remote working is going to become the new normal. As more ways are needed to strengthen and secure data security, the cybersecurity industry will continue to thrive.