The rise in email-based cyberattacks is not only putting companies at higher risk of a breach, but it’s also taking a toll on the IT professionals tasked with defending against these attacks.
According to Barracuda’s new “Special Report: 2019 Email Security Trends” research, more than 82 percent of organizations have faced an attempted email-based security threat in the past year. Additionally, 66 percent claim that the attacks had a direct monetary cost to their company (with nearly a quarter of respondents putting that cost above $100,000). The IT professionals responding to the survey also noted that the attacks reduced productivity, resulted in downtime and business disruptions, and hurt the reputation of the IT team.
That last statistic points to a seldom discussed side-effect of these attacks — the stress and anxiety that they produce within an organization.
Cyberattacks follow you home
According to the report, these attacks affected IT security professionals’ personal lives. The data in the survey backs this up, as 47 percent of respondents in the Americas reported that their stress levels at work had increased. Forty-six percent of those in the Americas say that they worry about potential email security issues — even when they aren’t at work — and 27 percent have had to work evenings or weekends to address these issues.
Data collected in other regions demonstrates a similar trend across the globe, with 45 percent of respondents in the Asia-Pacific (APAC) region reporting they had to work evenings or weekends, and 23 percent of APAC respondents saying they had to cancel personal plans to respond to attacks.
These elevated stress levels have contributed to higher turnover and attrition rates in many organizations. Surveys show that more than 60 percent of cybersecurity professionals are considering quitting their jobs or even leaving the industry. In a market where there’s currently a shortage of skilled professionals, that’s seriously concerning.
The problem is acute enough that the Black Hat event in Las Vegas last year added a community track to address mental health and workplace stress problems. Other surveys have also measured the degree of burnout in the industry. According to a 2017 study by Enterprise Strategy Group (ESG) and the Information Security Systems Association (ISSA), 68 percent of respondents strongly agreed that a cybersecurity career could put stress on personal/professional life balance, and 38 percent confirmed that a shortage of skilled professionals had increased burnout and attrition rates.
This stress can reduce attention levels at work, and lead to high levels of turnover — which creates even more security vulnerabilities.
Tips for reducing security stress
There are several strategies that IT organizations can implement to help reduce this security-related burnout:
- Provide ways for employees to take some downtime during the workday. If they can decompress every two hours or so, they’ll make fewer mistakes and return to work more energized and alert.
- Distribute security leadership responsibility. Don’t put the job of ensuring network security on one person’s shoulders. Have multiple security leaders, and make sure there is sufficient support if the primary security lead is on vacation or leaves the organization.
- Increase training. One way to reduce security stress is to make sure the team knows about emerging threats and how to respond to potential security scenarios effectively. If they have an up-to-date response plan, there will be less chaos when an attack occurs.
- Consider outsourcing. If a company’s IT resources are spread thin, it’s one more reason to consider shifting some of the security burden to an MSP.
It is also important to provide the security team with the right tools for doing their job effectively; an ounce of prevention is worth a pound of cure. There are technology solutions available today that can reduce the chances of fire drills which can lead to increased stress levels. There are even emerging tools that use artificial intelligence and machine learning to help automate more security-related tasks, are just one example of this. These systems can easily spot potential threats more quickly and accurately than even an experienced security professional can which can lower their workload and their stress while providing even better security.
Cybersecurity burnout is a real problem and one that could potentially increase the vulnerability of your network. Organizations should address this in ways that improve the quality of life for their staff and reduce their vulnerability to attacks. Failing to solve either problem could lead to far higher costs and difficulties for the business down the road.