Adapting to a changing threat landscape due to COVID-19 and organization-wide remote access has meant a busier than usual quarter for cybersecurity professionals. An avalanche of phishing emails urging users to “click for new guidance about the global pandemic” is leading to an increased risk of business email compromise.
At Ingalls, we see these emails succeed all too often, and more ransomware attacks as a result. Since 2010, we’ve been in war rooms and boardrooms investigating targeted attacks by criminals and nation-state sponsored hackers. In this time of heightened activity, we know that IT teams are struggling to keep pace with the volume of security alerts and responses needed to keep environments protected.
It should be no surprise that employees tasked with cybersecurity are burning out. Burnout was the number one stressor identified from 700,000+ employees surveyed globally since March by Glint, LinkedIn’s People Science organization. Justin Black, Head of Glint, notes that comments around burnout doubled from March (2.7%) to April (5.4%), suggesting that it’s a growing threat to the productivity and engagement of today’s workforce.
The World Health Organization (WHO) has categorized burnout as a medical condition, indicating it can occur as a result of chronic workplace stress that has not been successfully managed. While there are multiple characteristics of burnout from feelings of exhaustion to feeling negatively about work, potentially of most cybersecurity concern is the reduction in professional efficacy that occurs.
In a cybersecurity landscape where defenders need to be right every time, and the attackers need only be right once, the consequences of any lapse in employee effectiveness can be significant. And now, especially in cybersecurity, risk factors of burnout are significant and even more critical during this pandemic. Under normal circumstances, burnout presents a serious problem for security professionals and for the organizations that depend on them to effectively manage risk. Add to that the weight of managing a breach, which is always an intense and stressful situation.
Some of the most critical risk factors are:
- Employee turnover: The Ponemon Institute’s study “Improving the Effectiveness of the Security Operations Center” found that 65% of SOC professionals say stress has caused them to think about changing their career or consider quitting. The normal stress of working in a SOC makes it difficult to hire and retain experienced IT security practitioners.
- Increased mistakes/oversight: Being mentally, physically and emotionally exhausted leads to costly mistakes for those responsible for securing your IT environment. How many rows of SIEM logs can you handle before your eyes glaze over and you start daydreaming about the Bahamas? It is essential to the security of your organization for people to be able to do their jobs thoroughly and effectively.
- Decreased customer satisfaction: The impact of employee burnout translates to the quality of your customer experience. If mistakes are made and interactions are not helpful, then the services and needs that others rely on you for become lacking. Your customers may go elsewhere.
Few organizations seem to be aware of or place adequate attention on addressing the upward trend in burnout. As Ingalls regularly helps our clients prevent and manage breaches through our Managed Detection and Response (MDR) and Incident Retainer and Response services, we knew burnout was a serious threat so we made it a priority to address it in several ways to ensure our ability to continue delivering best in class Cybersecurity Risk Management. An effective cybersecurity program must include people, process and technology. We believe our people are best when they aren’t struggling with too much work and have the capacity to deal effectively with changes in the world around us as well as their personal lives.
Ingalls’ SOC Director, Cyrus Robinson, explains why this matters: “Emphasizing self-care amongst team members is critical. There have been occasions where we have actually had to plead with incident responders in a breached organization to take a break and get some sleep. While you may lose some sleep over an incident, being able to think clearly is a critical capability, and that's just not possible without getting sleep. Also, post-incident lessons learned activities, which tend to focus on technical gap analysis, should also take human factors such as resource availability and burnout into consideration.” During these unprecedented times, we believe our clients and team would be better off if we focused on the following ways to manage burnout and the crisis of this pandemic, so we actively:
- Communicate openly: Be aware of and acknowledge that burnout actually exists, and that it is normal in cybersecurity even without a pandemic to deal with. Educate staff about what it is and the signs of burnout. Be clear about what your organization is doing to help relieve burnout. Share concrete actions employees can take to help themselves as well, such as emphasizing the need to focus on basic needs like sleep, food, water, exercise, schedule flexibility, and mental health.
- Provide schedule flexibility & plan PTO: Ingalls employees have been encouraged to schedule and take leave to decompress and have the ability to focus on things that don’t have a price tag or a calendar date attached like family health and adjusting to a new way of life at home.
- Prioritize and reprioritize vigilantly: New work is inevitable, and that is doubly true when you are facing a breach. Setting clear expectations and prioritizing effectively helps our team manage their bandwidth to a realistic capacity, and allows them to stay focused on what is most important without getting spread too thin across a multitude of tasks.
We are here to help whether by reducing noise from non-significant alerts or conducting incident response.
Through 10+ years working major incident responses (IR), our emphasis on people is what allows us to provide world-class client experiences. We understand cybersecurity attacks, how they occur, and how to effectively respond.
We also offer step-in service for SOC teams facing personnel shortages. We have a simple onboarding process to provide your company the bench it needs to effectively manage risk. We fine-tune and curate alerts to aid with your shifting needs without overburdening your team members. “Our focus on solution innovation and improving what we do and how we work for efficiency and efficacy is a value that extends to our customers,” says Sarena O’Donnell, our Chief Risk Officer. “In addition to our experienced team, we are careful to implement intelligent automation and use the best of breed technology solutions, so that alerts we work and information we share with customers is fine-tuned.”
Through our proven process, each client is assigned a dedicated expert who tailors cybersecurity risk management to unique needs, and continuously validates that our service is effective. Help your people mitigate burnout and ensure guaranteed measurable, best-in-class cybersecurity risk management.
About the Authors
Jason Ingalls, CISA, CISSP
Jason Ingalls is an engineer-turned-entrepreneur who founded Ingalls Information Security in 2010. Prior to that, Jason was an Information Assurance engineer and Incident Responder for General Dynamics for 9 years. Jason's professional career in cybersecurity has been spent delivering solutions that reduce information technology risk. Jason leads a team of professionals who deliver information security services, with a core focus on providing technology-enabled services that scale, and serving our clients as a trusted advisor for cybersecurity matters.
Janine Byas, SSAP
Ms. Byas is a Cybersecurity consultant who has worked in the industry since 2017. She is an experienced Incident Handler and credentialed Security Awareness Professional (SSAP), has led multiple digital modernization initiatives inside the government and nonprofit space, and is a communications expert.