2024-01-29 23:03:59
Have you ever wondered how mental health affects different industries? Ram Vaidyanathan, IT Security Evangelist at ManageEngine explains why cybersecurity has become a key point.
For many years, security analysts have prioritized their work over their mental health. However, cracks are beginning to appear. Burned out and overwhelmed analysts are another silent cybersecurity epidemic that organizations will have to manage. According to Gartner, 50% of cybersecurity leaders will change positions by 2025 due to job stress and burnout. Forrester analyst Jinan Budge says managing burnout and mental health is a priority for the security team. CISOs (Information Security Officers) must address the lack of importance placed on mental health before it is too late.
The adverse effects of ignoring fatigue on safety
Professional burnout is included as an “occupational phenomenon” in the 11th Revision of the International Classification of Diseases (ICD-11). The WHO defines it as a syndrome caused by inadequate management of work stress. Energy depletion, feelings of negativity or cynicism toward one’s job, and decreased personal effectiveness are three listed symptoms of job burnout. It is also known as “burnout.”
When it comes to safety, burnout affects both business results and individual effectiveness. In a survey conducted by Enterprise Strategy Group e ISSA, two-thirds of cybersecurity professionals rated their job as “difficult.” Almost half of them are considering leaving their jobs. This could lead to a continued reduction in SOC (Security Operations Center) teams, in addition to the existing gap between supply and demand. A smaller SOC team could mean a greater risk of data breaches, as well as a greater possibility of financial and reputational losses.
Addressing mental health issues in SOC teams
In addition to the primary responsibility of improving security maturity in their organizations, CISOs are tasked with fostering highly productive security teams. This involves addressing the various issues that affect the mental health of security analysts. These include burnout, motivation levels, and lack of security automation.
CISOs can approach it in four ways:
Recognize burnout in security teams: The growing shortage of qualified professionals has led SOC teams to perform tasks beyond their scope and capacity. Faced with the constant threat of cyberattacks, security analysts and incident response personnel feel pressure to remain alert 24/7. Acknowledging the existence of the large-scale problem instead of hiding it can lead to discussing possible solutions and best practices for the entire sector.
Foster an environment of open communication: CISOs should encourage employees to prioritize their mental health, normalize asking for help, and utilize the services the organization offers. Providing mental health support in the form of work-life balance, adequate time off and support for analysts – in case of work overload – would be a good start.
Some organizations also offer internal health services to their employees. For example, ManageEngine offers its workers access to in-house therapists and counselors to help them cope with work-related stress.
Implementation of an effective recovery plan: Many CISOs are aware that they are responsible for situations that can cause enormous losses to the organization. Corrective measures such as investing in cyber insurance and implementing a customized, error-free incident response strategy will go a long way to ensuring a plan B is in place. It is also likely to reduce the stress a frontline analyst will face.
Invest in security analysis platforms: The advent of AI means that organizations can now invest in security analytics solutions that automate secondary and repetitive tasks. It also frees up time and resources for SOC teams. Analysts can prioritize issues that require their time over false positive alerts or minor incidents.
Any member, regardless of their level, can experience burnout. While analysts deal with endless alerts, CISOs and SOC managers have to confront the fear of being held responsible for any sudden cybersecurity incident and its repercussions.
Greater mental health awareness is needed in security teams. Attackers continue to use sophisticated techniques to penetrate corporate networks and devise new ways to deploy social engineering techniques.
Did you imagine that mental well-being would influence certain tasks in such a way? Do not forget to leave your comments.
1706577716
#Mental #wellbeing #key #sustainable #success #cybersecurity