Security Pro Burnout reports IT security change

Major changes in our world, brought about by the global pandemic, have put a strain on the mental health of IT security professionals.

Growing demands from organizations to adapt to a remote mode of working meant that these people had to work overtime to ensure not only fast but secure digital transformations.

A survey by 1Password found that cybersecurity professionals have been negatively impacted by these changes, and that the dangers for organizations are significant: twice as many burnt-out security professionals say that security rules and policies “are not worth the money.” barely”, compared to those who are. only a little burnt.

Jeff Shiner, CEO of 1Password, said that when it comes to cybersecurity, the conversation about employee burnout should remain at the forefront, especially in an increasingly geographically dispersed workforce.

“Our report’s findings revealed that organizations can begin to combat employee burnout by using high-quality, user-friendly software that enables productivity or addresses process issues they may be facing,” it said. -he declares. “This can have a substantial impact on safety.”

Shiner noted that for any organization looking to better support its security personnel, the most important first step is to recognize that people may struggle to cope.

This means organizations need to ensure that they regularly assess the cause of their employees’ burnout, review their internal processes, and then address the issues in a way that is consistent with their company’s mission and culture.

“Unfortunately, many cybersecurity solutions deployed today are designed to trigger alerts with a theoretical focus on more information, which equates to better security,” said John Morgan, CEO of Confluera. . “Of course we know that in practice that is not true.”

He said that since most cybersecurity investigations result in false positives, it is difficult for security professionals to feel rewarded for their hard work and to believe that they are making a real difference in improving security. the overall security of their organization.

“It’s been a challenge in the cybersecurity industry for many years,” he said. “Coupled with the sudden increase in initiatives due to business model change, ranging from moving to a virtual workforce to adopting the cloud, organizations are facing significant and real cybersecurity challenges.

Maximize IT security time

Morgan said organizations should focus on maximizing IT security staff time, allowing them to work smarter.

“Automation can help, but streamlining the wrong part of the security process can make things worse by increasing the tasks that require human analysis,” he explained. “What organizations should focus on is evaluating which aspects of IT security personnel responsibilities can best be automated.”

For example, with so much time wasted investigating false positives, streamlining the process to generate only the alerts that “matter” can dramatically improve security staff productivity as well as job satisfaction.

“There are many factors associated with the cause of employee burnout,” Morgan added. “The main factors that can help reduce the risk of burnout are ensuring that employees have a sense of accomplishment for the work they do, feel appreciated, listened to and empowered to make decisions.”

He pointed out that in general IT can often be a job without much praise if things are going well, but with incredible pressure and an overwhelming sense of urgency when things are not going well given that the business productivity is reduced.

“With that in mind, my advice to business owners is to praise during good times to help offset firefighting,” Morgan said.

Shiner added that as long as the pandemic persists and threats escalate, burnout will remain a problem.

Relieve burnout

“Fortunately, there are solutions available to us to mitigate burnout – organizations should consider making this the core of their cybersecurity skills training initiatives,” he said.

He explained that reports showed virtually zero unemployment among cybersecurity professionals, meaning organizations are jostling for top talent.

“Taking burnout seriously could be a competitive advantage in recruiting and retaining talent,” he added.

John Hellickson, executive cyber advisor at Coalfire, a provider of cybersecurity advisory services, said as an industry there is a need to collaborate more with HR business partners to find better ways to ensure that work is less like work.

“We lost a lot of the in-person human element of working together toward a common goal when a majority of the workforce shifted to remote work,” he said. “Now that most companies have successfully enabled a fully remote workforce, security leaders need to turn their attention to creative ways to ease the burden that traditional security measures have ineffectively placed on the remote worker.”

Hellickson warned that until CISOs and HR business partners find ways to quickly adapt to market demand for talented cybersecurity personnel with the ease of changing jobs, this burnout will continue in a foreseeable future.

“Frankly, we are going to see an increase in wages and benefits that will attract employees, which will force human resources departments to move away from their traditional structured compensation analysis of what the market requires to adopt an approach more proactive and supportive adjustment of compensation plans for current employees,” he said.

He predicted that if that didn’t happen, CISOs and security leaders would spend a lot more time managing attrition that could otherwise be spent managing cybersecurity risk within the organization.

This perspective was echoed by Morgan, who said he does not foresee the current challenges facing IT security professionals being resolved in the near future.

He pointed out that many industries continue to evolve their businesses and the adoption of new processes and technologies shows no signs of slowing down, while new cyber attacks leveraging current events and new technologies have also accelerated.

“Simply hiring more resources is not a practical approach given the costs and availability of talent,” he said. “Cybersecurity is a specialized field, so opening up hiring to remote workers will help, but ensuring they are qualified will continue to be difficult.”

Morgan said organizations should focus on equipping their IT security professionals with the right tools to maximize their abilities to identify the latest cybersecurity threats and attacks, especially in new cloud environments, and improve their sense of security. accomplishment by adding significant value to the organization.

“Fortunately, recent innovations in the cybersecurity industry provide organizations with many such tools,” he said.

Comments are closed.