Top tactics to combat cybersecurity worker burnout
By Darren Reid, Senior Director of Asia-Pacific and Japan, VMware Carbon Black
Friday, 17 November, 2023
Burnout is something that can affect anyone in any job. It’s a well-known phenomenon that is rife among cybersecurity personnel. It is the result of many different factors, and an individual’s response to these, and develops progressively.
The causes of burnout among cybersecurity professionals are well known. There’s the ‘Whack-a-Mole’ problem: the never-ending stream of new vulnerabilities to be patched and new threats to be mitigated. There’s the never-ending challenge of implementing patches ASAP, without disrupting operations. There’s the constant stress of knowing that only one weakness, one chink in the security armour, can lead to a successful attack with, potentially, catastrophic consequences.
And with the chronic shortage of cybersecurity professionals, there are never sufficient skilled people to handle all these challenges.
Burnout is bad for security
Cybermindz, an Australian charity dedicated to the mental health of cybersecurity professionals, surveyed 119 such people, 32% of them CISOs. They completed the Maslach Burnout Inventory (MBI), which defines burnout as a combination of emotional exhaustion, depersonalisation and reduced professional efficacy.
The study found participants experiencing unsustainably high levels of stress and burnout at work. “Left unaddressed, this level of stress will cause talent attrition and may allow vulnerabilities to go unaddressed in organisational information systems which can be readily abused by attackers,” it concluded.
A February 2023 blog from IT research firm Forrester linked high-profile cybersecurity breaches at Optus, Medibank, EnergyAustralia and MyDeal to employee burnout after predicting in late 2022 that, in 2023, a global 500 firm would be exposed for burning out its cybersecurity employees.
More specifically, in a September 2023 study of 200 IT security professionals from large organisations, 83% admitted they or someone in their department had made errors due to burnout that had led to a security breach and 77% said stress levels at work directly affect their ability to keep customer data safe.
Preventing burnout with policy and practices
Both technology and non-technology measures are needed to reduce burnout. Non-technology measures include workplace policies and practices that ensure all workers are treated equally; facilitating work-life balance; training in stress and crisis management; and proper support.
Traditionally the specialist requirements of security management and network management have resulted in the creation of network operations and security operations teams. This model has led to operational inefficiencies and blind spots that adversaries have used to their advantage, and to burnout and stress when these two teams have had to collaborate in high-pressure situations.
Proper recognition of the importance of cybersecurity by boards and senior management, adequate support for cybersecurity staff and the provision of adequate resources are also important.
Many of these factors are outside the direct control of overstressed cybersecurity professionals. However, the way they respond to these external forces can be a significant factor in them becoming burnt out, and they do have control over that.
Global wellbeing specialist Robertson Cooper has developed a model of resilience based on four strategies individuals can adopt to build and maintain resilience in the face of adverse circumstances: confidence, adaptability, purposefulness and social support. These are easily stated but can be challenging to achieve and maintain, and Robertson Cooper offers a guide to help individuals build these capabilities.
Preventing burnout with technology
The best policy and practices in the world will do little to relieve one of the most stressful aspects of a cybersecurity specialist’s life, however, and one that can test an individual’s resilience to the limit: responding in real time to an attack, trying to understand the nature of that attack and attempting to counter it and minimise its impact. This is where technology, and in particular extended detection and response (XDR) tools, can help.
By deploying tools that provide a comprehensive and integrated approach to threat detection, investigation and response across multiple vectors, organisations can enable their security teams to identify and respond more effectively to cyber attacks and reduce their stress levels.
Reducing the number of tools, the number of consoles and the number of places an analyst needs to go to for information can also help reduce the load on the individuals in your security team:
- Data gathering: Tools that collect data from endpoints, network traffic, cloud services and applications can provide a holistic view of an organisation’s security posture. This broader perspective helps security teams detect and respond to complex and sophisticated cyber threats that might otherwise not be detected.
- Rapid data analysis: One of the most powerful features of artificial intelligence (AI) is its ability to analyse vast amounts of data, identify patterns and extract insights far more rapidly than any human. AI can be used to help human intelligence rapidly analyse and correlate data to detect network events that could indicate an attack, such as lateral movement, anomalous connections, data exfiltration and malicious software, and put this information onto a single console.
- Identification of business risk: Not every component of an organisation’s system represents the same level of risk if it is compromised in a cyber attack: every organisation has its ‘crown jewels’. Tools are available that can identify the target of an attack and immediately alert security staff as to the level of business risk that attack creates, enabling responses to be prioritised.
- Removal of noise: Tools are also available that can filter out noise from large volumes of data from endpoints, servers and the cloud, and use AI and ML to correlate the necessary data so they present only those alerts that require a priority response, helping reduce stress on security teams.
Reducing burnout amongst cybersecurity professionals by addressing its underlying causes delivers benefits all round. They are likely to be more effective in their primary role: protecting the organisation from cyber attack. And they are less likely to want to move on, sparing their employer the costs of recruitment and lost continuity.
Tools that enable security staff to better triage, analyse and respond to events — generally described as extended detection and response (XDR) tools — can reduce analyst stress, improve their productivity and job satisfaction, and thereby lower the incidence of burnout.