The Impact of COVID-19 on Cybersecurity
What impact has COVID-19 had on Cybersecurity?
In 2020, the world experienced many impacts of COVID-19, including a significant increase in remote work for businesses. With increased internet use, cybersecurity risks increase. While businesses strategized ways to conduct business remotely, cybersecurity criminals searched for vulnerabilities and increased the frequency of their attacks to access secure data from overwhelmed and unprepared new remote workers.
Help Net Security (2020) found that “The COVID-19 pandemic has presented a once-in-a-lifetime opportunity for hackers and online scammers, and cybersecurity [professionals] saw a 63% increase in cyber-attacks related to the pandemic, according to a survey by ISSA and ESG. …Slightly more than one-third (33%) of organizations [reported to] have experienced significant improvement in coordination between business, IT, and security executives as a result of COVID-19 issues and 38% [reported to] have seen marginal relationship improvements.”
Janetta Deppa and Mark Ouellette (2020) found that during COVID-19, companies increased the digitalization of their business by creating flexible remote working opportunities. This leads to increased online interactions among clients, management, and employees, which opens businesses to more cybersecurity risks and escalates their need for cybersecurity services.
How did cybersecurity jobs change due to COVID-19?
Before COVID-19, “there was an estimated shortage of 500,000 cybersecurity professionals in the U.S. alone, with cybersecurity staffing shortages prevalent in nearly two‐thirds of organizations. Now, the gap is even wider.” (Deppa & Ouellette, 2020)
Deppa and Ouellette (2020) note that cybersecurity positions are in the highest demand among healthcare, banking, and insurance companies. “The Cybersecurity and Infrastructure Agency (CISA) has named cybersecurity engineers, risk management analysts, and information technology specialists as essential staff to assess infrastructure viability and security needs due to COVID‐19’s onset.” (Deppa & Ouellette, 2020)
Cybersecurity professionals were asked about the changes to their jobs and 80% reported that their daily duties changed as a result of COVID-19. Almost 50% of them had to transition to helping with other IT tasks, including installing virtual private networks (VPNs), solving computer and networking issues, and assisting with the IT help desk. Around 25% of the surveyed cybersecurity professionals said that their organization had an increase in cybersecurity issues when staff began working remotely. (Deppa & Ouellette, 2020)
Additional research found that COVID-19 increased the workloads, activities, and stress levels of cybersecurity professionals. Of the cybersecurity professionals surveyed, 48% reported that their cybersecurity team’s ability to support new business initiatives was impacted by the increase of remote work. (Help Net Security, 2020)
For these reasons and more, remote work due to COVID-19 has significantly enhanced the need for cybersecurity professionals. Prior to COVID-19, there was a considerable shortage of cybersecurity professionals, and this shortage is continually increasing. So how can aspiring cybersecurity professionals gain the skills and work experience they need? They can get it through work-based learning experiences like the programs offered by WorkED.
How did cybersecurity vulnerabilities and risks change because of COVID-19?
According to IEEE Innovation at Work (2021), “the COVID-19 pandemic has forced millions of professionals into remote work all around the world. In so doing, it has created major opportunities for hackers. According to a recent international survey from SailPoint Technologies Holdings, Inc., a U.S.-based tech company, 48% of U.S. participants said they had been targeted with phishing emails, calls, or text messages, both personally and professionally, over the course of six months while working from home. Additionally, more than half of Europe, the Middle East, and Africa (EMEA) survey responders, as well as those in Australia and New Zealand (ANZ), reported being phished during the pandemic—with 10% noticing phishing attempts at least once per week.”
Depp and Ouellette (2020) feel that though the frequency of cybersecurity threats has increased, the type of attacks has not changed. While remote workers are safer from exposure to COVID-19 while at home, they are now at higher risk of having their devices infected by virtual viruses due to the increased security threats on remote workers. While businesses are putting remote-work infrastructures in place, cyber criminals are increasing their use of ransomware, malware, and phishing attacks.
Part of the reason that remote workers have been victims of more cybersecurity threats is that they are completing their work on their own personal devices. Another reason is that some remote workers have shared passwords with other individuals and third parties. (IEEE, 2021)
IEEE Innovation at Work (2020) notes seven expected threats cybersecurity professionals should be on the lookout for in 2021:
- Cyber criminals will target remote workers.
- Organizations that rely on legacy security architecture, such as VPNs, will be targeted.
- With security budgets plummeting, privacy experts will turn to consolidated security solutions.
- Security threats in healthcare may cost lives.
- The financial industry will likely see increased security breaches.
- The pandemic will speed the expansion of organizations into artificial intelligence (AI) and cloud technologies.
- More people will be at risk of data theft.
How can aspiring cybersecurity professionals do to enter the field to help stave off these threats? They train for cybersecurity careers by entering training programs like those offered by WorkED.
What does the future look like for cybersecurity professionals after COVID-19?
Prior to COVID-19, only 40% of companies were mostly or fully digital. When remote work increased, the use of VPNs increased by 66%. While the demand for cybersecurity professionals will continue to increase, so too with the need for remote security tools, root access to machines, and networking capabilities. Some businesses already have these systems in place, but many others will need to enhance their digitalization abilities to compete with the digital business models of their competitors. The physical or in-office only business models are a thing of the past. In order to provide protection for their remote workers and company data as well as for their clients and customers, businesses will need to enhance the security of their devices, networks, and security protocols. (Deppa & Ouellette, 2020)
Since businesses and employees are going to need to increase both their security protocols and their knowledge of how to implement those protocols to keep data secure, cybersecurity professionals will be tasked with helping develop security policies, implement security measures, and educate their colleagues in addition to their usual tasks of preventing security breaches. (Deppa & Ouellette, 2020)
Help Net Security (2020) found that of surveyed cybersecurity professionals, 50% believe that their companies will increase spending on identity and access management, web and email security, and data security. Most (75%) cybersecurity professionals surveyed do not foresee a decrease in security spending and only 30% expect to see an increase.
Deppa and Ouellette (2020) predict four changes to the cybersecurity workforce moving forward:
- The push for remote work will cause businesses to move their networks away from physical infrastructure, so more companies will need cybersecurity roles.
- Cybersecurity professionals will need to be able to conduct work remotely (e.g., collaborate, troubleshoot, analyze threats, and use innovation to solve problems), so they will need innovative support tools and protections to prevent cybersecurity threats.
- Cybersecurity professionals have gained a broader set of skills and competencies during COVID-19 because they had to pivot to handle more IT-related issues and adapt quickly to new cybersecurity threats.
- Due to the shortage of cybersecurity professionals, businesses will need to cross-train existing IT professionals and collaborate with educational institutions and apprenticeship programs, such as WorkED, to develop the talent needed to keep up with ever-growing cybersecurity threats.
“Although COVID‐19 has resulted in much uncertainty and changing work environments, the pandemic has provided an opportunity for the cybersecurity sector to adapt and innovate to meet the rapidly increasing demand for digital services. It also presents an ideal time to attract new talent to the sector. Now and in the future, well-trained cybersecurity professionals are needed to assist a growing number of businesses who depend on these individuals to protect their data, information, and employees during these uncertain times.” (Deppa & Ouellette, 2020)
Regardless of whether a cybersecurity professional is seasoned or still training, they will need to be creative and flexible as well as show initiative and problem-solving skills. Cybersecurity professionals also need to be patient and use excellent communication skills to work with employees experiencing challenges and frustrations, especially when adapting to new technology in their work environments. Cybersecurity professionals must be able to document security policies, protocols, and processes clearly and concisely to ensure all employees of the company can follow them. (Deppa & Ouellette, 2020) They need critical thinking and problem-solving skills that can be practiced and improved through work-based learning experiences like the programs offered by WorkED.
How can students prepare for cybersecurity careers?
In the United States, the Department of Homeland Security created the National Initiative for Cybersecurity Careers and Studies (NICCS) to prepare students for the cybersecurity careers of tomorrow. One initiative of the NICCS is the Cyber Career Pathways Tool that provides a roadmap to anyone interested in learning about the many careers in cybersecurity as well as the pathways to get there. This tool can help students explore the many possible cybersecurity careers and paths to get there.
WorkED’s programs provide students with knowledge, skills, firsthand experience, and insight into the world of technology and cybersecurity by exploring the fundamentals as well as real-world scenarios. Students will also interact with cybersecurity industry professionals.
Not only do students benefit from WorkED’s programs, but so do teachers and future employers. WorkED provides industry with the opportunity to interact with students and even help design challenges that allow students to test their knowledge and skills. Educators benefit by receiving materials and support as well as having industry at the table to help advance their career-technical education pathways and engage students with workplace learning. Check out WorkED’s Cybersecurity Virtual Externship today!
Deppa, J. & Ouellette, M. (2020). The Impact of COVID‐19 on the Cybersecurity Sector. ICF. https://www.apprenticeship.gov/sites/default/files/impact-of-covid-19-on-cyber-security-industry.pdf
Help Net Security. (2020, August 3). The COVID-19 Pandemic and Its Impact on Cybersecurity. Help Net Security. https://www.helpnetsecurity.com/2020/08/03/pandemic-impact-cybersecurity
IEEE. (2021). How the COVID-19 Pandemic is Impacting Cyber Security Worldwide. IEEE Innovation at Work. https://innovationatwork.ieee.org/how-the-covid-19-pandemic-is-impacting-cyber-security-worldwide
National Initiative for Cybersecurity Careers and Studies. (2020). Cyber Career Pathways Tool. NICCS. https://niccs.cisa.gov/workforce-development/cyber-career-pathways