Have you ever wondered how mental health affects different industries? Ram Vaidyanathan, IT security evangelist at ManageEngine, explains why cyber security has become a moot point.
For many years, security analysts have prioritized their work over their mental health. However, cracks are beginning to appear. Tired and overwhelmed analysts are another silent cybersecurity epidemic that organizations must manage. According to Gartner, 50% of cybersecurity leaders will change their position by 2025 due to job stress and burnout. Forrester analyst Jinan Budge says managing burnout and mental health is a priority for the security team. CISOs (chief information security officers) must address the lack of importance placed on mental health before it is too late.
Adverse effects of ignoring fatigue on security
Occupational burnout is included as an “occupational phenomenon” in the 11th revision of the International Classification of Diseases (ICD-11). The WHO defines it as a syndrome caused by inadequate management of work stress. Lack of energy, feelings of negativity or skepticism toward one’s job, and decreased personal effectiveness are the three listed symptoms of job burnout. This is also known as “burnout.”
When it comes to security, burnout impacts both business results and personal effectiveness. In a survey conducted by Enterprise Strategy Group and ISSA, two-thirds of cybersecurity professionals described their jobs as “difficult.” Nearly half of them are considering leaving their jobs. This, in addition to the existing gap between supply and demand, could lead to a continued shortage in SOC (security operations center) teams. Smaller SOC teams can mean greater risk of data breaches, as well as greater potential for financial and reputational damage.
Addressing mental health issues in SOC teams
In addition to the primary responsibility of improving security maturity in their organizations, CISOs are tasked with fostering highly productive security teams. This includes addressing various issues affecting the mental health of security analysts. These include burnout, motivation levels, and lack of security automation.
CISOs can look at this in four ways:
Recognize burnout in security teams: The increasing shortage of qualified professionals has led SOC teams to work beyond their scope and capacity. Facing the constant threat of cyber attacks, security analysts and incident response personnel feel pressure to remain alert 24/7. Acknowledging the existence of a large-scale problem rather than hiding it can lead to discussion of possible solutions and best practices for the entire sector.
Promote an environment of open communication: CISOs should encourage employees to prioritize their mental health, normalize seeking help, and utilize the services provided by the organization. Providing mental health support in the form of work-life balance, adequate time off, and support for analysts when their workload becomes excessive would be a good start.
Some organizations also provide in-house health services to their employees. For example, ManageEngine offers its employees access to in-house therapists and counselors to help them deal with work-related stress.
Implement an effective recovery plan: Many CISOs know that they are responsible for situations that can cause huge losses to the organization. Corrective measures such as investing in cyber insurance and implementing an optimized, error-free incident response strategy will go a long way toward ensuring there is a Plan B. This is also likely to reduce the stress faced by frontline analysts.
Invest in a security analytics platform: The advent of AI means organizations can now invest in security analytics solutions that automate secondary and repetitive tasks. This also saves time and resources for SOC teams. Analysts can prioritize issues that require their time rather than false positive alerts or minor incidents.
Any team member, regardless of level, can experience burnout. While analysts deal with endless alerts, CISOs and SOC managers face the fear of being held responsible for any sudden cybersecurity incident and its fallout.
There is a need for greater mental health awareness in security teams. Attackers continue to use sophisticated techniques to infiltrate corporate networks and invent new ways to deploy social engineering techniques.