Mon, Dec 23, 2024 | Jumada al-Aakhirah 22, 1446 | DXB ktweather icon0°C

How can we address stress faced by cybersecurity professionals?

organizations should implement policies that encourage a work-life balance

Published: Mon 3 Jun 2024, 9:15 AM

Updated: Sun 9 Jun 2024, 5:25 PM

Top Stories

Combatting cybercrime: Severe punishment for offenders

Combatting cybercrime: Severe punishment for offenders

Working as a cybersecurity professional is challenging. The pressures of the job include securing the hybrid workforce and coping with constantly changing ecosystem and high expectations. Cyber threats like ransomware threaten business operations daily, and cybersecurity teams must stay ahead of motivated adversaries hellbent on achieving malicious objectives. Now, add this to the pressure of complying with national cyber regulations, and a stressful environment becomes evident, experts say.

To address these challenges, organizations should implement policies that encourage a work-life balance, such as flexible working hours, remote work options, and mandatory time off, experts suggest. “During a cyber incident, making sure members of the security team can disconnect to rest and recuperate ensures that the team can continue to operate efficiently during the incident. Additionally, providing resources for mental health support, such as counseling services, can help retain talent effectively,” says Shamla Naidoo, Head of Cloud Strategy and Innovation at Netskope.

Cybersecurity is a unique position in an organization. It has a marked difference from other functions because cybersecurity professionals face certain failures almost daily. “They are very aware of their adversaries but don’t know when or where they will strike. The constant threat of data breaches, the high stakes associated with security failures, and the often high expectations placed on cybersecurity professionals all contribute to overwhelming workloads and burnout in cybersecurity,” Naidoo said.

Due to confidentiality constraints, cybersecurity professionals cannot talk about their stressful situations like most employees. “Having a small community where they can safely share experiences and lessons will support them with the challenges of the job. What’s more, the higher you go, the more difficult it becomes. For decision-makers such as CISOs, a safe place where they can seek help, ask for support, or talk about stressful decisions they make on a daily basis could have huge positive consequences,” Naidoo said.

To address the mental health challenges faced by security specialists, this issue needs to be tackled at two levels: human and technological, experts say.

On the human level, properly managing the shifts of Security Operations Center (SOC) analysts is crucial. “Ensuring adequate rest periods and minimizing overtime can significantly reduce burnout. Regular sessions with a psychologist can help alleviate stress and provide coping strategies for dealing with the pressure of the job,” said Alexey Lukatsky, Managing Director, Cyber Security Business Consultant, Positive Technologies.

From left: Shamla Naidoo; Alexey Lukatsky and Dmitry Volkov. — Supplied photos

From left: Shamla Naidoo; Alexey Lukatsky and Dmitry Volkov. — Supplied photos

At the technological level, leveraging technologies, including artificial intelligence (AI), can enhance threat detection. “AI algorithms can swiftly identify and respond to attacks, lightening the workload for overburdened security professionals. Technologies can monitor analysts’ performance. Early signs of fatigue can be detected, prompting timely intervention by duty shift managers,” Lukatsky added.

One of the critical factors negatively impacting the mental health of security specialists is the fear of missing an attack or failing to detect hackers. This constant pressure leads experts to second-guess themselves, overanalyze situations, and repeatedly check their actions. Unfortunately, this not only contributes to burnout but also wastes valuable time and resources that could be better utilized.

“To mitigate these negative effects, it’s essential to convey to security experts that cybersecurity is similar to a game — one that cannot always be won. The primary objective for a cybersecurity professional is not to lose the cyber war. By emphasizing that everyone makes mistakes and need not be feared, the life of security experts will be calmer, Lukatsky advised.

Dmitry Volkov, CEO of Group-IB, said: “Collaboration and workload distribution is key to supporting our cybersecurity experts in the face of increased threats. We also need to provide the right tools to automate their routing tasks and improve efficiency. Celebrating success is key in encouraging employees to be involved in research that has an impact within the organization and the cybersecurity landscape. Lastly, cybersecurity professionals seek dependable support throughout crises, ensuring a sense of partnership and assistance before, during, and after challenging situations, fostering a conducive environment for sustained motivation and success.”



Next Story