A survey of 900 full-time security decision-makers and practitioners from companies with 200 or more employees published today finds that nearly two-thirds of respondents (63%) are experiencing some level of burnout, with more than half (55%) reporting they are likely to switch jobs next year.
Conducted by the market research firm Sago on behalf of Tines, a provider of a cybersecurity automation platform, the survey identified pending time on manual work (53%) as the most frustrating aspect of being a cybersecurity professional. A full 80% noted their workloads have increased in the last year, with a quarter (25%) reporting they are spending more than half their time on tedious tasks.
Despite these issues, however, a full 99% also said they are satisfied with their current role, with an almost identical percentage (98%) saying they are engaged with their work.
Tines COO Thomas Kinsella said given the chronic shortage of available cybersecurity expertise, the only option to reduce burnout is to rely more on automation. The survey found 92% of respondents work for organizations that are automating at least some of their work, with 93% noting more automation would improve their work-life balance.
The primary issue is that cybersecurity teams today are overwhelmed by alerts that need to be investigated, which, over time, results in high levels of burnout, noted Kinsella.
In contrast, there is generally a high level of adrenaline flowing when there is an actual incident that most cybersecurity professionals view as an opportunity to show off their skills, but long periods of investigation into false-positive alerts eventually take a psychological toll, he added.
Cybersecurity professionals would also be well-advised to find the time needed to focus more on their mental health in a profession that is inherently stressful, said Kinsella.
Despite increased appreciation for cybersecurity at the higher echelon of organizations, it’s not apparent that the everyday working experience of cybersecurity professionals is improving as cyberattacks continue to increase in volume and sophistication. Cybercriminals, for example, are starting to make use of artificial intelligence (AI) to craft phishing attacks that are more challenging to detect.
Hopefully, AI will also enable defenders to level what is today a decidedly unlevel playing field, but it may be a while before those advances are broadly accessible. In the short term, however, AI might create more stress for cybersecurity professionals as adversaries appear poised to benefit from it sooner than they will.
It’s not clear how many seasoned cybersecurity professionals might be looking to switch careers versus simply finding a different job. There is no shortage of open positions, so switching jobs is relatively easy for cybersecurity professionals who have a proven track record. In many cases, however, the stress level is likely to be the same. If an organization is spending more on cybersecurity, it’s likely because they recognize they are a tempting target that attracts attention from cybercriminals. After all, there is usually little to no correlation between the size of the cybersecurity budget and the overall level of stress that might be experienced.
Via a Darwin update, Palo Alto Networks this week added six capabilities to its cloud-native application protection platform (CNAPP).
Law enforcement agencies throughout Europe and the United States took a big swing at the notorious RagnaLocker ransomware group, arresting…
Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters content. Originating from the conference events…
Part 9: Perception vs. ConceptionThe concepts discussed in this post are related to those discussed in the 9th session of…
At some point we must say goodbye to our beloved products. Mend.io VP of Product Jeff Martin explains why letting…
via the webcomic talent of the inimitable Daniel Stori at Turnoff.US. Permalink