COVID-19 has transformed every aspect of our lives, from our everyday working practices to how we communicate with friends, family, and colleagues. Work has been brought home, home has been brought to work, and businesses across the globe have been forced to reassess their expansion plans due to ongoing uncertainty about what is happening next.
The same cannot be said for the cyber and information security space. A surge in remote working and explosion in COVID-related cyber threats over the past year has coincided with an increase in demand for top cyber talent to fill the gaps.
Here we explore the pandemic’s evolving effect on cyber and information security recruitment, looking at how jobs in cyber have been affected over the past year. We also share some insights from Brett Marsh, our Managing Partner across North America for Information & Cyber Security.
The Importance of Core Talent Through COVID-19
At the start of 2020, attention was shifted to critical hiring as companies rapidly reshuffled their plans to get through the next stage of COVID-19.
However, as companies adapted and accepted this as the ‘new normal’, the gaps within businesses for cybersecurity professionals soon became clear, and demand for top talent surged.
Noting this shift in business priorities, Brett Marsh notes:
“After an initial period from February to April whereby most clients paused all but critical hiring, we have since seen a rapid increase in hiring need across our Xcede clients.”
Why the Demand for Cyber Talent Has Surged Through COVID-19
COVID-19 has opened a new window of opportunity for cyber attackers, spammers, and phishers alike to exploit users, businesses and software vulnerabilities. From a rise in high-profile data breaches to a surge in COVID-related phishing scams and ransomware attacks, this expansion in COVID-related cyber incidents has been making headlines across the globe.
Discussing the rise of specific cybersecurity incidents, Brett Marsh notes:
“Certain cybercrimes like phishing and ransomware have reportedly increased some +300% during the pandemic as bad actors look to exploit weaker remote infrastructures and processes.”
In an investigation by Andy Auld and Jason Smart at PwC into why there been such a surge in cybersecurity incidents during COVID-19, they cite the majority of these incidents as ‘ransomware attacks involving exfiltrated data being leaked’. One of the key questions they ask is: is the rise in cyber incidents illustrative of a sporadic approach of threat actors ‘seeking to take advantage of the disruption the pandemic has brought’, or are there longer-term plans involved?
The story of stealing data from victim’s networks and then posting links to it on private, dark web forums is nothing new. Yet, as PwC, the story does have an interesting progression throughout COVID-19. PwC note that by the end of May last year, “over 150 organisations globally have had their data published on leak sites; the majority of these (60%) have occurred after 11 March, when the WHO first declared the COVID-19 outbreak to be a pandemic. Of these, the overwhelming majority (80%) were leaked after 23 March, when the lockdown commenced in the UK.’
As PwC notes, there are many possible reasons why more and more cyber-attacks are becoming public. From an increase in organised crime groups seeing COVID as the perfect opportunity to target ‘desperate organisations’, to opportunists identifying new vulnerabilities that have arisen alongside the surge in remote working, the reason why this is happening largely centres on the simple fact that COVID-19 has given attackers across the globe a novel window of opportunity to exploit.
What this Means for Cybersecurity Professionals
This global surge in cybersecurity threats has meant that cyber and information security specialists are in higher demand than ever before.
Discussing the escalation in demand for cybersecurity specialists, Brett Marsh notes:
“In response to the rise in certain cybercrimes, we are seeing an upswing in commercial and technical implementation disciplines linked to the sale and installation of cyber-protection products.
We have also seen significant and fast-paced project implementations to secure and upgrade cloud security and identity access-based technologies that link to securitizing a remote workforce.”
COVID-19’s Effect on The Hiring Process at xcede
The pandemic has forced businesses to rapidly adapt their working practices. As we have eased into the ‘new normal’ way of workplace communication, how we hire new staff is evolving too.
Speaking to Brett March about the pandemic’s impact on workplace communication and the hiring process as a whole, he notes:
“The pandemic was a catalyst for a clear and quick movement to entire video conferencing-based interview processes.
The technology has been available for some time, but the need to continue complete hiring processes drove behaviour to fully accept video conferencing for all stages of the interview process, and in parallel, complete remote onboarding.
This has in many cases sped up the interview process.”