47% of respondents have been temporarily moved to assist with IT-related tasks during remote work, (ISC)2 survey finds.
Eighty-one percent of cybersecurity professionals said their job function has changed during the COVID-19 pandemic, while at the same time, 23% reported cyberattacks at their organizations have increased since transitioning to remote work, according to a new survey by (ISC)².
Some of the 256 professionals surveyed said they are tracking as many as double the number of incidents, according to the (ISC)², a global nonprofit association of certified cybersecurity professionals.
The (ISC)2 COVID-19 Cybersecurity Pulse Survey conducted earlier this month also found that 90% of respondents are now themselves working remotely full time.
While 81% of respondents said their organizations view security as an essential function right now, 47% said they have been taken off some or all of their typical security duties to assist with other IT-related tasks, such as equipping a mobile workforce, (ISC)2 said.
Meanwhile, 15% of respondents indicated that their information security teams do not have the resources they need to support a remote workforce, while another 34% said they do, but only for the time being.
"The goal of the survey was to take the pulse of the cybersecurity community as many of their organizations began to shift their employee bases and operations to remote work setups in March and April," said Wesley Simpson, COO of (ISC)2, in a statement.
"While this was certainly not an in-depth study of the situation, it does provide a current snapshot of the issues and challenges our members may be facing during this unprecedented time."
Simpson went on to say that the hope is by sharing this information, its members and other professionals in the field will "understand the challenges their peers are facing, and hopefully realize they are not alone, even if many of them are feeling isolated as they adjust to working from home."
To maintain their business operations, 96% of organizations have also closed their physical work environments and moved to work from home policies for employees, the (ISC)2 survey said. For nearly half (47%) of respondents, this was the case for all employees, while 49% indicated that at least some employees are working remotely.
Another finding was that 41% said their organizations are utilizing best practices to secure their remote workforce, while another 50% agreed, but admitted they could be doing more.
Additionally, almost one-third (32%) of respondents were aware of someone in their organization who has contracted COVID-19, the survey said.
Challenges facing cybersecurity professionals
The survey also asked respondents to share comments about the challenges they face during COVID-19. Some of the themes that came to light included:
· a lack of hardware to support a larger number of remote workers
· the struggle between organizational priorities for quick deployment of remote technology and the commensurate level of security to protect systems
· helping end users understand and abide by security policies outside the office.
"Security at this point is a best effort scenario," one respondent commented, according to (ISC)2. "Speed has become the primary decision-making factor. This has led to more than a few conversations about how doing it insecurely will result in a worse situation than not doing it at all."
One respondent summed up the factors that have contributed to an opportune situation for cybercriminals–most notably, the fact that 100% of staff are working from home before most organizations were really ready, (ISC)2 said.
"COVID-19 hit us with all the necessary ingredients to fuel cybercrime … chaos caused by technical issues plaguing workers not used to [working from home], panic, and desire to 'know more' and temptation to visit unverified websites in search of up-to-the-minute information," the respondent said, according to (ISC)2.
Also, remote workforce technology supported by vendors is driven by "new feature time to market and not security," the respondent continued, (ISC)2 said. Other issues the respondent cited were employees taking over responsibilities for COVID-19 affected coworkers who are unfamiliar with the process, and uncertainty regarding unexpected communication supposedly coming from their employers, (ISC)2.
Several respondents also viewed the pandemic as an opportunity for future organizational process improvement, the (ISC)2 said. Among the other comments the organization said were shared in the survey are:
"With a majority of the workforce staying home we all will need to rethink our policies and the compromises we are willing to make."
"People seem to be thinking more about security when they are working remotely, which is a good thing."
"Employers now face the prospect of doing what they should have done long before: enact contingency plans for large-scale remote work due to natural or man-made disasters. Enabling remote work also has the benefit of appealing to potential employees when recruitment is a concern."
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Windows 10 security: A guide for business leaders (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)