How Cybersecurity Staffing May be Impacted During COVID-19 Recovery

Operating budgets will be monitored with scrutiny for the near future as COVID-19 recovery remains uncertain. For many organizations, this may mean that traditional hiring practices will likely be greatly limited, and one of the functional areas that may be affected by hiring limitations is information security.

In the age of cyber threats and breaches, the importance of the information security function is starting to take root. It’s a sector that’s rapidly growing; the Federal Bureau of Labor Statistics anticipates that between 2019 and 2021, information security jobs will be growing at a rate of 31%, much faster than the average. A jobs report estimated that 3.5 million cybersecurity jobs would be available but unfilled by 2021.

An unfortunate consequence of COVID-19 related cash flows may be that competing for talent within the information security sector may become that much more difficult. Organizations that cannot fill the staff they need for information security protection may consider alternative solutions. Information security efforts can be enhanced through co-sourcing cybersecurity professionals, especially if your organization has a specific plan of action to meet the demand of your board or a specific oversight committee.

Risk Environment

As operations leverage remote work capabilities and the technology sector continues to roll out unique virtual solutions to in-person functions, securing data will be an even greater facet of operational oversight. Now is not the time to undercut the importance of security protocol due to the level of risk associated with flexible work environments in terms of exchanging sensitive data, especially financial information.

Malicious actors are betting on companies making mistakes during the remote work migration and seeking to leverage their disingenuous position based on your uncertainty. The spring saw several COVID-19 phishing fraud schemes seeking to gain personal information by posing as a legitimate agency.

The Growing Importance of the Cybersecurity Team

In this elevated risk environment, controls encompassing information security are essential. It is important for your organization to revisit the nature of your security policy regarding data transfer and overall security standards surrounding completing regular business activities outside of the office. Best practices for IT security should be observed including use of a Virtual Private Network (VPN) and a reliable way to share and store information.

Understanding how to articulate your current information security position will also be important. Storage of sensitive information, general access to information systems, and modifications in protocol to adopt remote work practices will be priority concerns for regulatory authorities, stakeholders and clients, and financial statement auditors. Sound protocols can be seen as a means to assure stability as your business confronts to new challenges, such as bringing more of the workforce back into the office following extended remote work periods.

The advantage of having an in-house cybersecurity team is that it tasks a team with specifically reviewing and improving information security protocol and strategy, including data integrity, governance frameworks, security training, and third-party service provider services.

Building the team you need in-house, however, may not be feasible in the current environment given budgetary constraints and the highly competitive market. During the disruption from the pandemic, organizations may have been forced to combine security responsibilities such as rolling the Chief Information Security Officer (CISO) function into a Chief Information Officer (CIO) role or putting more CISO responsibility on a managed service provider to keep up with the demand of IT infrastructure concerns and day-to-day obstacles of hosting remote employees.

Some entities may be seeking to restructure their security teams and provide a more holistic approach by bringing in associates with ancillary backgrounds to fill vital roles. While this approach has its advantages in terms of addressing the skills gap, it might not be the most appropriate operational solution. Existing resources may not have the desired resumes to mitigate key security risk factors or be knowledgeable of the new threats associated with the changes in their environment.

Bringing in an external team to serve as a resource for your information security environment can help ensure key risks are addressed without the expense of hiring and onboarding new associates. These professionals can help bring information teams up to speed that have had their efforts refocused, or have been recently hired to ensure your organization has the appropriate information security framework.

Co-sourcing the cybersecurity function can also provide support for time-intensive reporting projects, such as reviewing and preparing information security controls for the next audit year, responding to security questionnaires from clients, or helping facilitate Systems and Organization Control (SOC) report requests.

For More Information

For more information about how co-sourcing the information security function may benefit your organization, please contact Ray Gandy.

Published on October 05, 2020