Cybersecurity professionals not only have to worry about the increase in security breaches and attacks that have dominated the news in recent weeks; they must also contend with the persistent feeling of not doing enough, risking too much, and overall cyber burnout.
Among cybersecurity professionals, the IT industry is already prone to morale slumps due to a distinct skill shortage, a lack of career guidance resources, salary concerns, oversaturation of the market (too many people competing for too few positions), poor work-life integration, and the cat-and-mouse game often played between threat actors and security experts.
The COVID-19 pandemic added two new dangerous factors to the mix: a decided upswing in cybersecurity threats and a switch to a work-from-home environment.
According to a 2020 Ponemon Institute study, over one-third of SOC environments have switched to remote work due to the pandemic; 75% of respondents who worked from home reported experiencing burnout because of the dual stress of working in an unfamiliar environment and an upswing in cyberattacks – a 10% increase since late 2019.
The latest report adds that security leaders are offering higher salaries to compensate for the work-life balance gap – but it may not be enough. For the first time, Chief Information Security Officers and other high-level security leaders must consider an additional operational threat to their success: the emotional cost.
Traditional Work Environments Lead to At-Home Overwhelm
Securing, transferring, and verifying information in traditional cybersecurity environments involve a series of manual processes: executing transactions via a hard disk key between Hardware Security Modules (HSMs), for example, or using USB keys to verify authentications.
This situation is compounded by the proliferation of in-house, “do-it-yourself” security teams that build their cryptographic security from scratch – the traditional solution of choice for enterprises. As a result, few processes are consistent; security protocols must be customized for each use case, and maintenance and upkeep incur high costs in both time and money. Employees end up frustrated by long and cumbersome processes, even at the best of times.
Centralize Systems Without Sacrificing Security
Centralizing key management systems provides compliance, operational, and business benefits to enterprises in the long term. A “single pane of glass” – whereby security teams can see, manage, and audit information transfers, transaction authentication, and asset data from anywhere – provides transparency to disparate teams and allows for more consistent security protocol implementation.
Keeping critical data in multiple silos, however, has become an industry standard for a number of reasons. Among them: the need for backward compatibility with legacy systems; different teams utilizing different key services available for specific cloud vendors; and security requirements and standards, such as certain levels of FIPS 140-2, which demand segregation of keys and segregation of authority for key operations and transactions.
In short, cybersecurity firms are often required to keep keys separate and keep processes manual and complicated – and it is causing them to suffer from high turnover and operational headaches.
Oltsik, Jon. “The Life and Times of Cybersecurity Professionals 2020.” Enterprise Strategy Group and the Information Systems Security Association International, July 2020.
“Second Annual Study on the Economics of Security Operations Centers – What is the True Cost of Effective Results.” Ponemon Institute, January 2021.
“Improving the Effectiveness of the Security Operations Center.” Ponemon Institute LLC, June 2019. Sponsored by Devo Technology.