We’re excited to bring Transform 2022 back to life on July 19th and virtually July 20-28. Join AI and data leaders for sensible conversations and exciting networking opportunities. Register today!
Today, end-to-end cybersecurity Deep Learning provider Deep Instinct released the Voice of Secups report, examining stress levels among 1,000 C-suites and senior cybersecurity professionals.
Research has found that 45% of cybersecurity professionals plan to leave the industry and 46% know at least one person who quit cybersecurity altogether over the past year due to stress.
The most commonly reported causes for stress include the constant fear of ransomware and the expectation that analysts will always be on call or available.
These findings highlight that traditional approaches to security – which usually rely on a combination of unbalanced warning-heavy surveillance solutions – may not be sustainable. Furthermore, it states that professional organizations may not be well-equipped to deal with the threat of ransomware, creating a stressful work environment for security teams and ultimately adding ‘great resignation’.
Ransomware stress: a win-lose situation
Ransomware is one of the most stressful events for cybersecurity professionals to manage as the operational impact can be devastating, as the Colonial Pipeline Attack was published last year.
Similarly, security responders are in a situation of being lost, either forced to take the risk of not paying the ransom, or losing access to key data, or the ransom being paid, and trusting the intruder to decrypt the stolen data.
In fact, attackers often do not respect the payment of ransom. 38% of those reported by Deep Instinct agreed to pay the ransom, 46% claimed their data was still leaked by hackers, and 44% said they could not restore their data.
At any time during the remedy, negotiations or restoration, security analysts take the blame if something goes wrong.
“In a culture of blame game, the pressure of failure is heavy on security analysts. Visibility is a challenge across the IT landscape, blinding them to many problems, “said Karen Crowley, Director of Product Solutions at Deep Instinct. “They are working more than 16-18 hours a day to keep the organization safe and the responsibility for catching the wrong configuration or error by an employee clicking on a malicious link falls back on them.”
The combination of “imminent danger of breach,” chasing false flags and blaming for violations creates a very high-pressure work environment for analysts to work with.
How security teams can respond to ransomware threats
Security teams have the best protection against the dangers of ransomware.
While this is easier said than done, it can help to actively manage the attack surface and reduce vulnerabilities in the environment. In addition, it is important for employees to take best security measures, such as choosing a strong password and not clicking on links or attachments in emails from unknown senders.
If prevention fails, the average ransomware attack takes just over three days from start to finish, with successful intrusion giving security analysts limited time to respond to prevent data loss or encryption.
As a result, Crowley recommends that organizations invest in technologies that help reduce false positives, so that security teams have more visibility into their environment, while having time for high-value work rather than chasing false flags.
She also notes that organizations invest in solutions to send high loyalty alerts to EDR, SIEM or SOAR solutions so that security analysts can investigate incidents that have been prevented and quickly expose active threats to the network.
Of course, managed services also have a role to play in supporting overburdened security teams, especially if they are under-resourced or under-staffed.
Venturebeat’s mission Digital Town Square is set to become a place for technical decision makers to gain knowledge about the changing enterprise technology and practices. Learn more about membership.