The Coronavirus Pandemic Has Created Novel Cybersecurity Challenges — But It May Also Give Us a Solution to the Cybersecurity Workforce Problem

May 7, 2020

By Josh Higgins, Senior Director of Policy and Communications

The COVID-19 pandemic has created many new challenges for companies — such as managing a remote workforce, adopting new suppliers and cloud services, and a vastly expanded cyber-threat landscape — as the world works to maintain productivity through primarily virtual means. However, despite all these new challenges cybersecurity professionals at enterprises face in this new reality, there may also be a new opportunity to address the longstanding challenge of the cyber workforce gap and help organizations become more digitally structured. With a large portion of the workforce now working from home, organizations have been forced to piece together strategies to ensure productivity continues amid a work-from-home atmosphere — and it seems those strategies may be working. In conversations with state chief information officers and other state and local officials this week, even the most telework-hesitant managers have realized that their employees can continue their functions and maintain the same — or potentially even higher levels of — productivity they would have in a traditional office environment. A new survey issued this month on teleworking during the COVID-19 crisis found that most employees are seeing positive outcomes from teleworking, including increased efficiency and lower risk of burnout. Further, it revealed that 85 percent of respondents agree that teleworking is here to stay — even beyond the pandemic. While these benefits are certainly worth considering as your organization navigates a post-COVID-19 business operations strategies, there is another element for cybersecurity managers to consider specifically: Using teleworking opportunities to address cyber workforce gaps and to restructure business operations for the digital age. The state and local officials noted this week that, given the positive results they have seen with their current workforce teleworking, they are now considering using remote positions to increase the cyber workforce recruitment pool by eliminating the need for workers to be located in a certain geographic location or commute to a traditional office. The cyber workforce gap is a gigantic hurdle for organizations in the public and private sectors across industries, with the U.S. facing a shortfall of workers as large as 314,000 in 2019. Given the severity of the workforce shortage, more organizations may want to consider widening their aperture on cybersecurity recruitment and leverage remote positions to fill vastly underfilled cyber positions. Indeed, such a large challenge as this will require innovative solutions, and telecommuting opportunities could be a piece to solve this puzzle. Not only will it widen the selection of workers for organizations, it will also provide prospective employees incentives due to the personal benefits of teleworking such as greater work-life balance and flexible scheduling. Furthermore, allowing increased telework could decrease the need for workspace and thus lower cost on renting out offices. The officials I spoke with this week even noted that they could eliminate or downsize many of their statewide satellite offices and transfer those employees to full-time telework while maintaining a central headquarters in their state capital or other major urban area. This reduction and cost would not only help organizations weather the current economic downturn due to the pandemic, it could also free up resources that could be re-invested in better security. The ISA-National Association of Corporate Directors Cyber-Risk Oversight Handbook stresses this modern business prerogative bluntly: “The competitive need to deploy new and emerging technologies in order to lower costs, improve customer service, and drive innovation is stronger than ever.” The idea that workers need to be physically in a specific location for work is an outdated industrial age perspective – and the cybersecurity workforce is a modern challenge and thus will need modern solutions. The Cyber-Risk Oversight Handbook notes that over the past 25 years, the nature of corporate asset value has changed significantly, shifting away from the physical and toward the virtual. Clearly, the pandemic has only catalyzed this digital transformation, with organizations becoming more and more digitally structured. And now we are starting to get a better understanding of the benefits – as well as the risks – from migrating to a virtual method of working. And it is likely that we will never return to the traditional model as it was before the pandemic – and therefore we need to be using our time now to determine how we can create an effective working model for the modern age. Even in this new reality, there will be some positions that will need to maintain some access to specific physical locations — at least for some of the time — but we are quickly learning that many of these jobs we previously thought needed to be tethered to a desk in an office building can be done just as well in a teleworking model. In fact, early reports seem to indicate it might be more effective than working in a traditional setting. Of course there are outstanding concerns and risks that will need to be addressed in this new age of teleworking: Managing remote employee practices, risk management and assessment protocols, managing remote working software and services, and strategy and incident response plans that account for a large remote-work presence. And we need to be figuring out solutions to address these new risks as we all navigate our new reality together. However, we need to take a close look at this new opportunity to figure out how to leverage and improve on this model to potentially make a sizable dent in filling the cybersecurity workforce gap and become structured more effectively for the digital age. The cybersecurity workforce gap is a major modern problem, and it will take a seismic shift from how we are currently operating to truly address it and many of the other cyber challenges we face. We should be using our current teleworking posture throughout the pandemic to figure out solutions to our concerns about remote work and identify how we can leverage this new normal to address major cyber challenges like the workforce gap.