Emerging cybersecurity training priorities in a COVID-19-impacted business landscape.
WHITEPAPER
Emerging Cybersecurity Training Priorities in a COVID-19-Impacted Business Landscape
Emerging Cybersecurity Training Priorities in a COVID-19-Impacted Business Landscape
TheCOVID-19pandemicofearly2020hasnecessitatedthatbusinessesand institutions rapidlyreimaginehowtheywork, interactandcommunicate. Whiletechnologywasalreadyaclearlyestablishedenablerofworkforce effectiveness, ithas, seeminglyovernight, becometheworkplace itself. As morepeopleareaskedtorelyonmoretypesof technologyforagrowing numberof usecases , anurgent tech-relatedskillsgaphascome intofocus. InthewakeofCOVID-19, theneedfor technologyupskillingandtraining, particularly intheareaof cybersecurity, is timelierandmorecritical thanever. Inaseriesof threesurveys toCompTIAmemberbusinessesconductedinMarch, April andJuneof2020,weaimedtogainreal-time insight intohowCOVID-19 hasalready impactedtechnologyfirms, andtogaugethetrendingdirection ofpeoples’ confidenceandfear.Here iswhatwe learned.
**Unless otherwise indicated, survey responses did not vary significantly frommonth to month**
Most firms approached immediate COVID-19 changes with optimism In the early days of COVID-19 impact, a great majority of firms reported that they were immediately transitioning staff and operations to be remotely situated (85% reported that most of their staff were working remotely inMarch), necessitated by office shutdowns and concerns around pandemic exposure. While less than half of respondents (46% in April and 42% in June) indicated that their feelings around the unfolding COVID-19 situationwere “somewhere in themiddle” and that they were “hanging in there”, a similar number felt generally optimistic (46% in April and 52% in June), and just a small number (8% in April and 6% in June) reported experiencing a “very difficult situation.”
02
Emerging Cybersecurity Training Priorities in a COVID-19-Impacted Business Landscape
In spite of initial optimism, real challenges abound
In spite of many respondents’ cautious optimism, around 25%of firms reported that they would be postponing any interviews and recruitment for open positions; around 18% said they were cutting back hours of full or part-time staff and nearly one in seven were laying off contractors or suspending their work. A similar portion (17% in April, dropping to 13% in June) reported that they were laying off full- or part-time staff.
And in spite of the general optimismexpressed, eight in 10 businesses reported that they were impacted in significant ways, to include: customers cancelling or postponing spending (43% inMarch, rising to 58% in June); customers requesting restructuring of contracts and payment terms (26% inMarch, rising to 46% in June); alongwith lesser-reported disruptions like shortages of finished products; vendors or partners cancelling or postponing financial arrangements; and requests from investors or lending institutions for updated sustainability plans. It is evident from these surveys that the initial optimismabout firms’ ability to quickly and readily shift to a newworking environment has been dampened somewhat by a host of real-time challenges that emerged during the shift itself. In other words, it was relatively easy to ask employees towork fromhome for the foreseeable future; it has proven extremely difficult to effectively reconfigure the entire way inwhich a firmoperates whilemitigating new and emerging business challenges and cybersecurity threats. This crisis, if nothing else, has highlighted for firms that simply having the technology is not enough.
03
Emerging Cybersecurity Training Priorities in a COVID-19-Impacted Business Landscape
Other Ways Business Operations Affected
Businesses Are Facing Serious Cybersecurity-Related Issues
While there are numerous challenges to the flow of business itself, the rapid shift to an all-digital workplace has brought with it a host of specific cybersecurity challenges. As staff shifted their ways of working, business was suddenly conducted in arguably less secure environments with increasing unknowns and reliance on new technologies. For example, some three in four members have had to address disruptive issues related to: video conferencing; business continuity/disaster recovery (BC/DR); remote monitoring andmanagement (RMM); cloud systems; phishing attacks; ransomware, e-commerce and payment fraud, distributed denial of service (DDoS) attacks, andmore. While the host of issues related to cybersecurity grow increasingly complex, new data from CyberSeek has revealed that the supply of cybersecurity workers nationally has remained very low, with the ratio of existing cybersecurity workers to cybersecurity job openings at just 1:8 (compared to 3:7 across all jobs, nationally). The growing skills gap is an inherent threat to the cybersecurity landscape.
04
Emerging Cybersecurity Training Priorities in a COVID-19-Impacted Business Landscape
As Businesses Prepare To Make Long-Lasting Changes To Their Ways Of Working, Many Want To Invest More In Technical Training A great majority (94%) of respondents in June said that they foresee their business changing in at least one way over the long-term following COVID-19. The top-cited change businesses are making is asking employees to continue working remotely (nearly two-thirds of respondents). Other changes businesses are considering include a need for more social and digital marketing efforts, compared to traditional mar- keting tactics (48%), while a similar number (47%) will be implementing a permanent policy of less business travel. Some will be broadening offerings (28%) or downsizing physical offices (27%). Nearly one quarter of respondents (24%) are prepared to invest more in technical training and certifications for employees. With somany planning to rely more on new technology for everyday business operations, a heightened need for technical training is becoming apparent. Cybersecurity Training Is Top-Of-Mind While there are obvious solutions for some day-to-dayworkplace challenges, the longer-termreality of COVID-19 is shedding light on the need for extended training and upskilling of staff in key areas of cybersecurity, IT and, broadly, technology.
Around 7 in 10 April respondents stated that they planned to increase training efforts in the next one to two months
Nearly 9 in 10 June respondents expected cybersecurity training for IT staff to increase in the short term
05
Emerging Cybersecurity Training Priorities in a COVID-19-Impacted Business Landscape
Most survey respondents report that their organizationhas priorities for training IT staff in one ormore cybersecurity areas, with top priorities spanning awide range of topics. When asked to select their topfive, themost commonly selected topicswere: best practices for educating end-users (43%overall, and this response wasmost popular among SPs/MSPs, vendors/distributors, and other types of organizations); networkmonitoring/accessmanagement (32%); riskmanagement/ mitigation (31%); and data loss prevention/ data security best practices (30%). Other areas identified for trainingwere firewalls and antivirus (29%), Cloud security (28%) and best practices for data privacy (25%), among others.
What training areas arefirms prioritizing? 1) Educating end-users 2) Networkmonitoring/accessmanagement 3) Riskmanagement &mitigation 4) Data loss prevention/data security best practices 5) Firewalls &antivirus 6) Cloud security 7) Best practices for data privacy
A Return To Normalcy, Or Is This The New Normal? In April, nearly a quarter (24%) of respondents expressed an expectation that business might go back to normal by May or June. Some 41% of respondents said they expected business may return to some semblance of normalcy by July or August. Clearly, for a majority of the country, and for a good deal of businesses around the world, neither scenario has come to pass. Yet 34% of respondents expressed a view that it would be at least September before “business as usual” might be resumed. Responding tech firms—and the technology industry as a whole—have arguably experienced less disruption than other sectors due to their ability to pivot more quickly to remote work and fill in gaps with technology solutions for other businesses, but challenges lie ahead.
06
Emerging Cybersecurity Training Priorities in a COVID-19-Impacted Business Landscape
Trends toWatch in 2020 &Beyond •Most staffwhoareablewill continue towork remotely. • Physical officesmaybedownsized. • Businesseswill look tonewtechnologyuse cases inanattempt to target awider client-base. •Managerswill expressheightened interest in technical aswell as professional/“soft” skills training for all staff. • Cybersecurity trainingwill becomeubiquitous for all staffworking fromhome. • Flexibleoptions andcreative solutions aroundpayment anddelivery for customerswill become thenorm. With September fast approaching, many are attempting to gauge how theminority of businesses that have returned to business-as-usual are faring. With no tangible sign of an end to the COVID-19 pandemic on the horizon, some arewondering “Is this state of living in uncertainty simply our newnormal?” Certainly, froma business perspective, there have been lessons learned about efficient working, adaptability, and dependency on technology that will outlast the pandemic itself. As the impacts of COVID-19 are becoming clearer, newand unforeseen crises will inevitably arise. Nonetheless, a newfound awareness of the inherent risks posed by “business as usual” has given us all a greater sense of what needs to change. The business world nowhas a deeper appreciation of the need for well-trained and IT-savvy staff who are able to adapt to unfolding situations and operatewith a sustained degree of uncertainty in any technological environment. Joining Information Sharing and Analysis Organizations (ISAOs) is an additional way tech firms can help safeguard their businesses and their customers’ businesses from increasingly targeted andmalicious cybersecurity threats. Our sense of collective security has been challenged, and businesses are understandably looking for quick fixes in order to maintain key workflows and avoid further damage to the working environment. While training is a viable solution for many of the imminent challenges cited, a longer-term, ongoing training strategy can help business leaders feel confident that their IT is in the hands of people who are equipped not just for immediate needs, but for the unexpected situations of tomorrow.
• Business travelwill remain impacted formonths or years tocome. • Cloud solutionswill be increasingly reliedupon to support customers.
07
CompTIAWorldwide Headquarters CompTIAMember Services, LLC 3500 Lacey Road, Suite 100 Downers Grove, Illinois 60515
630.678.8300 CompTIA.org
© 2020 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally. Other brands and company names mentioned hereinmay be trademarks or servicemarks of CompTIA Properties, LLC or of their respective owners. Reproduction or dissemination prohibitedwithout written consent of CompTIA Properties, LLC. Printed in the U.S. 07960-Jul2020
Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7 Page 8Powered by FlippingBook