SecOps Team Self-Care Red Alert

The past several years’ pandemic, political unrest, war and supply chain failures have exacerbated several lingering problems in the corporate world and society. One was the increasing proliferation of cyberattacks, which was made worse by a sudden shift to remote work without the underlying security infrastructure to support it. Another has been the ongoing challenges related to untreated mental health problems that increased during the pandemic due to heighted stress, anxiety and depression.

Both of those issues have converged in corporate IT departments, where a shortage of skilled IT security experts has led to high turnover, burnout and what should be an alarming lack of preparedness.

Stress Takes Its Toll More Easily on Cybersecurity Professionals

Cybersecurity is a high-stress field. New threats are constantly emerging, the pace of change is rapid, and innovation and vigilance must remain high. However, there are simply not enough trained IT staff to go around. While that has driven up pay, retention rates are trending down as staff suffer burnout or are tempted away by more lucrative opportunities. As a result, the few staff members left are asked to do even more with fewer resources, perpetuating the cycle.

According to a Chartered Institute of Information Security report, more than 80% of cybersecurity personnel report facing more stress now than before the pandemic. Cybermindz, an organization focused on mental well-being in the cyber community, also recently published an update indicating that cyber professionals score significantly worse on burnout measures than the population at large.

“Cybersecurity workers are the unsung heroes of our time,” said Cybermindz founder Peter Coroneos. “Their day-to-day work is invisible, but a single failure through a breach that can affect millions of people makes headlines. The rapidly evolving and relentless attack environment defies any sense of ‘job well done.’ The one successful attack that could end their career could be around the corner. They are mission-driven with a strong protective ethos. But a sense of hopelessness will eventually take its toll on even the most committed worker.”

Companies rely on their cybersecurity teams more than ever but risk losing these critical employees to burnout. What can be done?

Businesses Must Recognize the Challenges and Make the Right Investments

First, companies need to invest in internally growing and training new IT and security teams — these technicians will not fall into your lap. That means identifying existing employees that can be prepared and moved into these positions and recruiting and training staff from non-traditional fields. But that is the long-term solution. Your SecOps staff needs help now before they crater.

Help needs to come from the top. While the security team primarily focuses on outside threats, team leaders and department managers must look within and recognize their staff is under tremendous stress. Hours, staffing and pay must be organized to give these critical staffers a break. Otherwise, you risk essential security breakdowns because staff are too tired to do their jobs well or you do not have enough people to respond effectively to attacks.

Make investments in cybersecurity technology that can help lighten the load on the SecOps team. The number of threats facing most corporate networks is too great for any size team to handle manually. As a result, SecOps teams need new security software tools that utilize artificial intelligence (AI) to scan for email threats and software that can initiate mitigation processes automatically when a threat is identified to relieve some of their burdens.

Consider outsourcing some security functions. Given staffing and resource constraints, hiring a managed security services provider may make sense to improve a company’s security posture. Partnering with a service provider with the security prowess to hire services such as 24/7 security operations center (SOC) can help manage the daily tasks associated with keeping networks and applications secure, freeing up internal staff to focus on more strategic issues (and make room for some much-needed time off). Outsourcing can also help internal IT personnel do their jobs better since they won’t be splitting their focus between these strategic duties and the unending daily stream of alerts they must address.

Empowering Workers to Advocate for Better Work-Life Balance Is Important

Companies should also foster an environment where staff can comfortably advocate for better work-life balance. This can be challenging, especially for early-career tech staffers who don’t want to jeopardize their future advancement. Teams should be empowered to discuss and address workload issues and other challenges and feel comfortable asking for help when overwhelmed.

This is extremely important, as illustrated in a recent Forbes article. Employees suffering from this type of burnout are less able to function well on the job, putting them at risk of the side effects of depression and anxiety. It also puts the entire organization at risk.

When handling cybersecurity staff burnout, prevention is a better strategy than reactively trying to fix the problem after the fact. A secure IT infrastructure is key to having a healthy, happy, alert cybersecurity staff.

“We must build a strong and resilient cyber workforce,” said Coroneos in a recent Cybermindz update. “If they fall, we all fall.”

Aidan Kehoe is Senior Vice President of Barracuda, a trusted partner and leading provider of cloud-first security solutions.

This guest blog is part of a Channel Futures sponsorship.