Of the nearly 10 million Americans who recently have filed for unemployment insurance – 6.6 million this week and 3.3 million the week before – as the coronavirus pandemics shut down businesses and the economy, the cybersecurity workforce seemingly has been spared. But experts warned that widespread layoffs in the future could leave organizations vulnerable.“It will be
dangerous if cybersecurity jobs are thought of a luxury, or a component that
can be downsized when times get tough,” said Timur Kovalev, chief technology
officer at Untangle. “The costs that could be incurred if a data breach occurs,
or if systems are taken down because of malware or ransomware could easily put
a small- to medium-sized company out of business for months, or forever.”For
companies that remain operational the need to have someone standing guard is
even more important, Kovalev said, as criminals go after hospitals with
ransomware attacks, targeting those expecting federal financial aid or offering
phony retail advertisements via texting to coerce people into clicking.“Cybersecurity
and IT professionals are going to be crucial, essential positions during this
time, especially as employee and business leaders are focused on weathering the
crisis, and possibly missing the signs of an attack happening to them,” he
said.Chris
Morales, head of security analytics at Vectra, noted that much like those
manning other frontline positions in the war on COVID-19 he is seeing security
staffers working even harder right now.“Cybersecurity
and IT are seeing an upward trend and these staffers are a priority for
organizations of all sizes in today’s remote work environment,” he said.The
criticality of cybersecurity teams as well as the shortage of skilled personnel
that preceded the pandemic have likely limited layoffs in the field. And the
uptick of cybercrime – miscreants not only aren’t letting the coronavirus curb
their activities, they’re also leveraging the virus in campaigns and capers –
make a strong case for maintaining a strong security team.“Cybersecurity
concerns don’t magically go away during a downturn or recession, so while the
job market might tighten up when compared to recent years, it’s likely to be
less impacted than many other sectors,” said Tim Erlin, vice president, product
management and strategy at Tripwire, adding he has not heard or seen of layoffs
taking place yet in the industry.The general
consensus, at least to this point, is security teams are likely to avoid being
among the first impacted when a company decides layoffs are necessary.“Most
organizations understand that this is one of the very last areas that you
afford to cut back on,” said Stu Sjouwerman, founder and CEO of KnowBe4. “Cybersecurity
has been designated as ‘essential’ in the recent COVID shutdowns. I honestly do
not expect any organization to furlough their InfoSec team, that would
essentially be inviting the fox in the henhouse.”Gene
Fredriksen, executive director and CEO at National Credit Union ISAO, said that
while automated systems could hold the line for a very short period in the end
need they human guidance to truly work effectively.“Basically,
you need to remember that security controls are a combination of people,
process, and technology. We could probably assume that the technology will
continue to function for the short term and will be robust if kept patched.
However, the security processes require people to keep them running,” he said. “Patching, loading files, monitoring,
auditing, etc... Can definitely be
affected by layoffs. Also, the progress made in the devsecops world could be
unraveled by the layoff of key developers.”Sjouwerman pointed
out that if cybersecurity and IT people are let go the cybersecurity
implications would be disastrous since criminals have increased their attacks
by 667 percent in March alone.The high
level of malignant activity is likely spurring some anecdotal evidence
indicating hiring has not abated in the industry.“Obviously,
I can’t speak for everyone, but I really haven’t seen IT people, especially in
the cybersecurity field, lose their jobs,” said Pierluigi Stella, CTO, of MSSP NetworkBox
USA. “If anything, I’ve seen a renewed interest in hiring. Just yesterday, I
was on the phone with a banking client of ours and she told me she was
interviewing someone for an IT position because they’re swamped. They can’t
keep up.”Although the
Department of Labor’s weekly report did not breakout or
specifically mention cybersecurity or IT workers being included in the latest
wave of jobs impacted by COVID-19, the category was conspicuously absent.
Instead, the jobs most hit across all 50 states were food services,
transportation and warehousing, health care and social assistance,
administrative, support, waste management, and remediation services, mining,
retail trade, manufacturing, real estate rental and leasing and construction
industries.“The volume
of jobs in cybersecurity and IT far exceeds the available people to do those
jobs. The only employees I could imagine losing their jobs are from companies
that are in a very bad position right now and are laying off a large mass of
personnel,” said Morales.A.N. Ananth,
Chief Strategy Officer at Netsurion agreed with Morales saying that while he
has not observed any significant layoffs those industry verticals where entire
staffs are let go, such as travel, hospitality and entertainment, will likely
have IT and security personnel included in any staff eliminations.To put his
staff at ease Palo Alto Networks CEO Nikesh Arora has publicly committed to a
no layoff policy associated with the uncertainty caused by COVID-19.
Threat Management, Security Strategy, Plan, Budget
As unemployment claims soar, cyber workforce remains strong
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds