The COVID-19 pandemic is exacerbating a vast and long-term shortage of cybersecurity professionals across the globe, even as cybercriminals increase their attacks, some experts say.
With many companies’ employees still working from home, cybersecurity professionals must defend a more extensive computing infrastructure, while some companies have laid off or furloughed members of their security teams. The number of cyberattacks skyrocketed during the pandemic, with increases of 60% or more.
As a result of the shift to working from home, “the world is seeing a significant increase in cyberattacks, which only stems from one thing: a target-rich environment,” said Chris Silbaugh, vice president of business development for CyberKnights, a cybersecurity training center. “This target-rich environment consists of people accessing critical information remotely through an internet service provider that doesn’t enable a business to necessarily monitor, nor could a business monitor all home networks.”
Home networks are easier to attack, added Jack Blount, CEO of Intrusion, a cybersecurity provider. “Our current cybersecurity defenses are designed to be used on local area networks of enterprises and SMBs,” he said. Working from home “creates hundreds of new attack surfaces and other vulnerabilities. It is easier to attack a remote work station or notebook computer connected via an ISP than a computer on a well-secured LAN.”
Simultaneously, many cybersecurity workers are being assigned to other IT tasks during the pandemic, according to a survey from security certification provider (ISC)2. The (ISC)2 Cybersecurity Pulse Survey, released in April, found 47% of those cybersecurity professionals who responded said they had been reassigned during the pandemic.
Wesley Simpson, COO at (ISC)2, told the Washington Examiner: “For an industry that was already in need of skilled professionals long before the pandemic hit, COVID-19 and the subsequent shift to remote work have strained cybersecurity professionals tasked with ensuring workers are able to work efficiently and securely from remote locations.”
Simpson added that many companies seem to have invested more in technology and tools to secure remote work than to hire more cybersecurity workers. “It’s critical that organizations realize the contributions of the experts who got them through the early phase of this transition and continue to invest in people, too,” he said. “Security technology without people to manage it and build the right policies and procedures is a recipe for a false sense of security.”
Before the pandemic, some organizations had suggested a worldwide cybersecurity professional shortage in the millions. The 2019 (ISC)2 Cybersecurity Workforce Study estimated a global deficit for nearly 4.1 million workers, including about 500,000 in the United States.
Other estimates suggest the shortage isn’t quite as big, but still significant. The Center for Strategic and International Studies, a Washington think tank, has predicted a shortage of 1.8 million workers by 2022.
“The pandemic has significantly added to the increase in the shortage of cybersecurity professionals because it has dramatically increased the need,” Blount said. “Cybercrime is up 28% in just four months because cybercriminals have recognized that the world is distracted with all the chaos the pandemic has created with unemployment, remote workers, mail order, and other challenges 2020 has thrown at us.”
During the pandemic, cybersecurity teams are being asked to do more with the same or fewer resources, said Piyush Pandey, CEO at Appsian, a Dallas-based cybersecurity company.
“Depending on your industry, you may have been asked to do drastic cuts to your budget, and IT can certainly be affected,” he said. “Unprecedented levels of attacks, coupled with hiring freezes or organizations who are just slow to hire can make the current workload misaligned with headcount resources.”
Kaylin Trychon, vice president and leader of cybersecurity practice at Rokk Solutions, a Washington public affairs firm, told the Washington Examiner: “Some of the estimates about a long-term cybersecurity skills gap may be overstated. However, there’s still a problem.”
“The pandemic has put a strain on security teams around the globe,” she said. “Security professionals have had to adapt to changing network environments, budget cuts, and an increase in cyberattacks using the pandemic as a vector for manipulation.”
The good news is that the emphasis on remote work has also led to more remote learning being available, Trychon added. “The pandemic has made available access to learning resources that were not there before,” she said. “This access could help close the shortage gap, especially as people are looking to transition their careers away from gig economy work to something more stable.”
