Operating budgets will be monitored with scrutiny for the near future as COVID-19 recovery remains uncertain. For many organizations, this may mean that traditional hiring practices will likely be greatly limited, and one of the functional areas that may be affected by hiring limitations is information security.
In the age of cyber threats and breaches, the importance of the information security function is starting to take root. It’s a sector that’s rapidly growing; the Federal Bureau of Labor Statistics anticipates that between 2019 and 2021, information security jobs will be growing at a rate of 31%, much faster than the average. A jobs report estimated that 3.5 million cybersecurity jobs would be available but unfilled by 2021.
An unfortunate consequence of COVID-19 related cash flows may be that competing for talent within the information security sector may become that much more difficult. Organizations that cannot fill the staff they need for information security protection may consider alternative solutions. Information security efforts can be enhanced through co-sourcing cybersecurity professionals, especially if your organization has a specific plan of action to meet the demand of your board or a specific oversight committee.
As operations leverage remote work capabilities and the technology sector continues to roll out unique virtual solutions to in-person functions, securing data will be an even greater facet of operational oversight. Now is not the time to undercut the importance of security protocol due to the level of risk associated with flexible work environments in terms of exchanging sensitive data, especially financial information.
Malicious actors are betting on companies making mistakes during the remote work migration and seeking to leverage their disingenuous position based on your uncertainty. The spring saw several COVID-19 phishing fraud schemes seeking to gain personal information by posing as a legitimate agency.
The Growing Importance of the Cybersecurity Team
In this elevated risk environment, controls encompassing information security are essential. It is important for your organization to revisit the nature of your security policy regarding data transfer and overall security standards surrounding completing regular business activities outside of the office. Best practices for IT security should be observed including use of a Virtual Private Network (VPN) and a reliable way to share and store information.
Understanding how to articulate your current information security position will also be important. Storage of sensitive information, general access to information systems, and modifications in protocol to adopt remote work practices will be priority concerns for regulatory authorities, stakeholders and clients, and financial statement auditors. Sound protocols can be seen as a means to assure stability as your business confronts to new challenges, such as bringing more of the workforce back into the office following extended remote work periods.
The advantage of having an in-house cybersecurity team is that it tasks a team with specifically reviewing and improving information security protocol and strategy, including data integrity, governance frameworks, security training, and third-party service provider services.
Building the team you need in-house, however, may not be feasible in the current environment given budgetary constraints and the highly competitive market. During the disruption from the pandemic, organizations may have been forced to combine security responsibilities such as rolling the Chief Information Security Officer (CISO) function into a Chief Information Officer (CIO) role or putting more CISO responsibility on a managed service provider to keep up with the demand of IT infrastructure concerns and day-to-day obstacles of hosting remote employees.
Some entities may be seeking to restructure their security teams and provide a more holistic approach by bringing in associates with ancillary backgrounds to fill vital roles. While this approach has its advantages in terms of addressing the skills gap, it might not be the most appropriate operational solution. Existing resources may not have the desired resumes to mitigate key security risk factors or be knowledgeable of the new threats associated with the changes in their environment.
Bringing in an external team to serve as a resource for your information security environment can help ensure key risks are addressed without the expense of hiring and onboarding new associates. These professionals can help bring information teams up to speed that have had their efforts refocused, or have been recently hired to ensure your organization has the appropriate information security framework.
Co-sourcing the cybersecurity function can also provide support for time-intensive reporting projects, such as reviewing and preparing information security controls for the next audit year, responding to security questionnaires from clients, or helping facilitate Systems and Organization Control (SOC) report requests.
For More Information
For more information about how co-sourcing the information security function may benefit your organization, please contact us.
Looking for more COVID-19 resources? Visit our resource center for expertise on impacts to expect and how your business can respond.
Ray Gandy is a Director and Leader of the IT Risk & Assurance Practice at CBIZ & MHM New England. He can be reached at firstname.lastname@example.org or 617.761.0722.
Copyright © 2020 CBIZ & MHM (Mayer Hoffman McCann P.C.). All rights reserved. CBIZ and MHM are separate and independent legal entities that work together to serve clients. CBIZ is a leading provider of tax and consulting services. MHM is an independent CPA firm providing audit and other attest services. This article is protected by U.S. and international copyright laws and treaties. Use of the material contained herein without the express written consent of the firms is prohibited by law. Material contained in this alert is informational and promotional in nature and not intended to be specific financial, tax or consulting advice. Readers are advised to seek professional consultation regarding circumstances affecting their business.