#5MinSecurityRead Redeployed security staff, is this the time?

• by Ellie Hurst
• Advent IM Blog

According to  ISC², almost half of security professionals (47%) report that they have been redeployed for a range of mostly IT  and mobile device deployment functions and 80% have reported a change of some kind to their role during the pandemic crisis, so far. Most (90%) are now working remotely, though for many this will not be a new way of working. It goes without saying that at a time like this, an ‘all hands to the pump’ attitude is needed in order to keep businesses going and try to ensure the retention of jobs. But we also know that this is a time of unprecedented risk, particularly to security and particularly via remote workers who may be unaccustomed to this way of working, be uncertain of new security requirements and  also be under stress from the overall situation. Additionally, cybercriminals are capitalising on the situation to launch some very cynical and highly effective attacks on individuals, businesses and even cities and municipalities.

We have long talked about the effectiveness of well trained employees with clear security guidelines and policies to support them. They provide a highly nuanced and focused security defence. We have also talked about the risk from the absence of effective security training, policy and guidance – those key support, report and improve mechanisms that are so badly needed right now. Seeing the redeployment away from frontline information security roles made for very uncomfortable reading.

When it comes to those businesses redeploying their security professionals whilst diligently (and quite rightly) moving their workforce to remote status, we must hope they fall into the first category and not the second. There is clearly an important balance to be struck and some review of employee security awareness and capability to be had in order to ensure gaps do not appear and the risk of successful security incidents increased.