
The Dangerous Effects of Burnout on Information Security Talent

By Fabio F. Ramos

Professionals in every segment of the market are vulnerable to excessive pressure, the accumulation of responsibilities, meetings, goals, deadlines, physical—and especially mental—exhaustion. A recent Gallup study indicates that two-thirds of full-time workers experience burnout on the job. Yet when employees say they usually have sufficient time to complete their tasks, they are 70% less likely to experience a high burnout rate.

In the area of technology in particular, we have noticed an increase in disorders affecting information security specialists. According to a 2016 survey conducted by the Robert Half consultancy, 81% of CEOs feel that pressure on technology professionals has greatly increased in recent years.

At the gigantic RSA Conference, held in San Francisco last March, we tracked various cybersecurity trends, including mental and physical health issues. One of the most talked-about keynote messages was that of Ann Johnson, Microsoft’s corporate vice-president of cybersecurity. She revealed that due to the stressfulness of their current positions, 66% of professionals in that sector want to look for less exacting jobs, even those with lower pay.

It’s no secret that digital security is one of the most sensitive areas for any company; after all, it entails responsibility for one of the most strategic assets: data. Information security technicians must be skilled at protecting data, mapping and addressing digital risks that could potentially compromise the confidentiality of information, endangering the company’s reputation and perhaps even the business itself. In large organizations, these professionals are responsible for Security Operations Centers (SOCs).

The SOC is designed to be an intense center for monitoring cybersecurity. The objective is to concentrate any and all demand for company data protection in all its phases, including prevention, detection, quick solutions, assessments and reporting.

Because it involves threats to the business, the environment is infused with a general feeling of anxiety and tension. There exists an illusion that such professionals are superheroes who give quick and sharp answers, and come equipped with a magic wand that can resolve any incident. In any case, there is an expectation of perfectionism and total focus on the task at hand, so that there can never be a breach, leak or even a phishing attack—situations that in fact can escape the control of any professional. Moreover, cybersecurity professionals are expected to keep up with hackers’ technical advances. Imagine tens of thousands of people on the attack, with a minimal number of “goalies.”

Since the Internet began 30 years ago, the volume of information and data available on the web has been constantly increasing. More than two billion online sites can now be accessed, with approximately 44 zettabytes (ZB), or 44 trillion gigabytes of stored data. If we include the deep web, those numbers are multiplied an astronomical 500 times. This scenario means that the security professional lives with the pressure of constantly staying one step ahead of cybercriminals, who deploy the most advanced technologies in existence.

The impact of this technological ecosystem is very great. Microsoft foresees an unmet demand for more than three million security professionals within the next two years. This situation has created a need for intelligent, automated tools to help process and analyze the hundreds of millions of signals coming through companies’ systems that could potentially put their brands at risk.

Europe’s General Data Protection Regulation (GDPR) and similar legislation now being enacted in the US and other countries will exert even more pressure in the area of security, since mistakes will be punished with severe fines. More pressure means more stress on cybersecurity professionals, which could in turn produce more errors—exactly the opposite of what the industry hopes will occur.


GUEST SPECIALIST

Eduardo Schultze, CSIRT Coordinator at Axur, holds a degree in Information Security from UNISINOS – Universidade do Vale do Rio dos Sinos. He has worked since 2010 on fraud involving the Brazilian market, mainly phishing and malware.

AUTHOR

Fabio F. Ramos

CISSP, CISM and founder of Axur, a global company and the Latin American leader in monitoring and responding to digital risks. He has 20 years of experience in digital security, having served on the boards of technology companies in Brazil and the United States.