When I wrote my ‘Director’s Cut’ for the Q1 issue, I would not have anticipated in my wildest nightmares what was upon us. Nevertheless, here I am, a month into lockdown, pondering the impact that COVID-19 will have on our industry.
The first thing I will say is that, as an industry, we are blessed with resilience in the face of this global pandemic. I lead two other publications which serve the retail industry and the drinks/hospitality industry, and the impact of COVID-19 on those two sectors has been huge. The information security industry will thankfully not suffer comparable hardship.
In stark contrast to the two aforementioned industries that have been largely and mandatorily locked down, cybersecurity (by and large) will keep the cogs turning and continue to sell technology and services at a time when many need them more than ever. However, that’s not to say that cybersecurity companies won’t face any impact. The smaller, less established firms without repeat contracts and loyal customers may find this wave harder to surf.
It’s well-known that in times of crisis, human nature compels us to stick by what we know, to what feels reassuring to us. This bodes well for the cybersecurity companies with strong and established customer bases, but less so for the newer, smaller vendors. There could be implications on R&D and industry innovation, since startups account for a significant portion of evolution and advancement of security technology.
"In times of crisis, human nature compels us to stick by what we know, to what feels reassuring to us"
Then there’s the inevitable post-pandemic recession. Research has shown that the pressures of a crisis can trigger reactions capable of distorting perceptions, decisions and outcomes. There is therefore founded concern that post-COVID-19, organizations experiencing budgeting issues might reduce finance lines considered non-critical, which misguided and misinformed executives may deem to include cybersecurity operations. Cutting information security budgets would not just affect vendors’ revenue and the health of the industry, but it would further increase the impact of attacks on organizations.
The reality is that the world needs robust cybersecurity now more than ever. The COVID-19 outbreak has led to an increase in both the likelihood and impact of cyber-attacks. The exploitation of people at their most vulnerable is pretty sickening, but cyber-attackers have shamelessly exploited the uncertainty and helplessness of people in devastating times.
"The reality is that the world needs robust cybersecurity now more than ever”
In this issue, Phil Muncaster’s news feature and Sue Poremba’s cover story on new remote working norms expose the specific cyber-threats that have been born out of, or have increased because of, COVID-19. The combination of risks emerging or increasing in volume with reduced security expenditure could be catastrophic.
On our side we have awareness and the attention of the nation. It’s hard to get column inches at the moment, with journalists and readers alike obsessed with coronavirus stats and lockdown news. However, tales of cyber-exploits and phishing scams in light of this pandemic have made it into national news regularly. Admittedly, the stories are more consumer-focused, but as we always advocate in social awareness best practice, if you can strike a chord with people on a personal level, they are more likely to apply more secure behaviors in their professional lives.
We can only hope that the extra coverage encourages individuals to be savvy and organizations to hold tight on their investments in cybersecurity. Now is a time to invest in people – after all, a business may face a crisis, but it is its people that actually deal with it – and set up businesses for post-COVID-19 success. I know that’s easier said than done for a lot of companies, but when we come out of this, the most successful organizations will be those that valued their people and invested in the business’ future. Cybersecurity, as we all know, should be a significant part of that proposition.
With all the tragedy that dominates this pandemic and the shameful exploitation of the vulnerable in such heartbreaking times, it’s sometimes difficult to see beyond the darkness. However, humankind is resilient and compassionate, and it’s therefore crucial that we don’t let the actions of the minority overshadow the hope, the acts of kindness and the demonstrations of selflessness and solidarity.
In his editorial, Michael lists many of the amazing ways the cybersecurity industry has demonstrated its generosity and its commitment to helping people when they need it most. This is one of the many reasons why I’m proud to represent this industry.
The cybersecurity industry won’t come out of this unscathed and, in the short term, depleted budgets and cyber-criminals’ unrelenting attacks will cause a level of hardship and challenge. Nonetheless, COVID-19 won’t beat us; the industry is resilient, it’s worthy and it will survive and indeed prosper.
Stay positive, stay committed and most importantly, stay safe