Today, end-to-end cybersecurity deep learning provider Deep Instinct, released the Voice of SecOps report, examining the stress levels among 1,000 C-suite and senior cybersecurity professionals.
The research found that 45% of cybersecurity professionals have considered quitting the industry and 46% know at least one person who left cybersecurity altogether in the past year due to stress.
The most commonly reported reasons for stress included the unrelenting threat of ransomware and expectations on analysts to always be on call or available.
These findings highlight that traditional approaches to security — which typically rely on a mix of disparate alert-heavy monitoring solutions — may not be sustainable. Further, it reveals that professional organizations may not be well-equipped to deal with the threat of ransomware, creating a stressful work environment for security teams and ultimately adding to the ‘Great Resignation.’
Ransomware is one of the most stressful incidents for cybersecurity professionals to manage because the operational impact can be disastrous, as the Colonial Pipeline attack highlighted last year.
Likewise, security responders are in a lose-lose situation, forced to either risk not paying a ransom, losing access to key data, or paying a ransom, and trusting the intruder to decrypt the stolen data.
All too often attackers will not honor ransom payments. Thirty-eight percent of respondents to Deep Instinct’s report admitted to paying a ransom, 46% claimed their data was still exposed by the hackers, and 44% said they couldn’t restore their data.
At any time during remediation, negotiation, or restoration, security analysts take the blame if something goes wrong.
“In a culture of the blame game, the pressure of failure weighs heavily on security analysts. Visibility across the entire IT landscape is a challenge, leaving them blind to many issues,” said Karen Crowley, the director of product solutions at Deep Instinct. “They are working over hours, sometimes 16-18 hours a day, to keep the organization secure and the responsibility to catch a misconfiguration or mistake by an employee clicking on a malicious link falls back on them.”
The combination of an “imminent threat of a breach,” chasing false flags, and taking the blame for breaches creates a very high-pressure working environment for analysts to operate in.
The best defense that security teams have against ransomware threats is prevention.
While this is easier said than done, proactively managing the attack surface and mitigating vulnerabilities in the environment can help. Additionally, taking steps to educate employees on security best practices, such as selecting strong passwords and not clicking on links or attachments in emails from unknown senders, is also important.
If prevention fails, given the average ransomware attack takes a little more than three days from start to finish, successful intrusions give security analysts limited time to react to prevent data loss or encryption.
As a consequence, Crowley recommends that organizations invest in technologies that help to reduce false-positive alerts so that security teams have more visibility over their environment while having time for higher-value work rather than chasing false flags.
She also notes that organizations invest in solutions to send higher fidelity alerts to EDR, SIEM, or SOAR solutions so that security analysts can investigate events that have been prevented and uncover active threats on the network faster.
Of course, managed services also have a role to play in supporting overburdened security teams, particularly if they’re under-resourced or understaffed.News Source: Venture Beat