Tech professionals ill-prepared for COVID-19 cyber attacks

Despite the influx of cybersecurity threats during COVID-19, less than half of technology professionals are “highly confident” in their ability to detect and mitigate threats, according to new research by ISACA.

Of 3700 international IT audit, risk, governance and cybersecurity professionals, surveyed in mid-April, only 51% said they were adequately equipped to manage the new threat landscape.

The results are concerning given the recent spike in COVID-19-themed phishing campaigns and malicious activity. Up to 92% of respondents were aware of this enhanced threat.

Widespread work from home mandates are partly to blame for the lack in confidence, with 59% claiming their teams did not have the necessary tools to perform their jobs effectively from home.

Although 80% of respondents exchanged best practices for remote work at the outset of the COVID-19 lockdown, 87% believed the abrupt transition increased data protection and privacy risk.

ISACA CEO David Samuelson said these concerns are valid.

“Organisations are rapidly and aggressively moving toward new ways of doing business during this time, which is a very positive thing, but it can also lead to making compromises that leave them vulnerable to threats.

“A surge in the number of remote workers means there is a greater attack surface. Remote work is critically important right now, so security has to be at the forefront along with employee education.

“ISACA professionals have an especially critical role to play in protecting their enterprises, customers and stakeholders during this pandemic.”

The challenges add to an already strained cybersecurity sector, in which 62% of teams reported being understaffed, prior to the pandemic.

On the upside, ISACA did observe an increased uptake in professional development programs during the crisis, and said the vast majority of respondents expected normal business operations to resume by Q3 2020.

Image credit: ©stock.adobe.com/au/Rawpixel.com