Deep Instinct, a supplier of end-to-end cybersecurity deep learning, has released the Voice of SecOps research, which examines the stress levels of 1,000 C-suite and senior cybersecurity employees.
According to the data, 45% of cybersecurity workers have considered leaving the sector, and 46% know at least one person who left the field due to stress in the past year.
The most often cited causes of stress were the persistent threat of ransomware and the expectation that analysts be always on call or available.
These results indicate that traditional approaches to security, which often rely on a variety of fragmented, alert-heavy monitoring technologies, may not be sustainable. In addition, they demonstrate that businesses may not be well prepared to cope with the ransomware threat, creating a stressful work environment for security professionals and ultimately contributing to the “Great Resignation.”
Ransomware anxiety: a lose-lose circumstance
As demonstrated by the Colonial Pipeline attack from the previous year, ransomware is one of the most difficult crises for cybersecurity professionals to address due to its potentially catastrophic operational consequences.
Security responders are forced to choose between paying a ransom and trusting the intruder to decrypt the stolen data, or refusing to pay and risking the loss of access to crucial data.
In truth, attackers frequently do not honor ransom payments. 38% of respondents to Deep Instinct’s report admitted to paying a ransom, 46% stated their data was still exposed by the hackers, and 44% said they were unable to restore their data.
If something goes wrong at any point during repair, negotiation, or restoration, security analysts are held accountable.
“In a culture of the blame game, the pressure of failure weighs heavily on security analysts. Visibility across the entire IT landscape is a challenge, leaving them blind to many issues,” said Karen Crowley, the director of product solutions at Deep Instinct.
“They are working over hours, sometimes 16-18 hours a day, to keep the organization secure and the responsibility to catch a misconfiguration or mistake by an employee clicking on a malicious link falls back on them.”
The combination of an “imminent threat of a breach,” chasing false flags, and accepting responsibility for breaches produces a very stressful working environment for analysts.
How should security teams react to ransomware attacks?
Prevention is the best defence security teams have against ransomware threats.
This is easier said than done, but proactively managing the attack surface and limiting vulnerabilities in the environment can help. In addition, it is essential to educate personnel on security best practices, such as choosing strong passwords and avoiding clicking on links or files in emails from unknown senders.
Given that the average ransomware attack takes a little more than three days from start to completion, a successful intrusion leaves security analysts little time to avoid data loss or encryption if prevention fails.
As a result, Crowley proposes that firms invest in technology that helps reduce false positive alerts, so that security professionals have greater visibility over their environment and have time to focus on higher-value tasks rather than chasing false flags.
She also suggests that enterprises invest in technologies that send more accurate alerts to EDR, SIEM, and SOAR solutions so that security analysts can examine prevented incidents and find active network threats more quickly.
Obviously, managed services also play a role in helping overburdened security personnel, especially if they are underresourced or understaffed.