Prevent cybersecurity burnout - Lacework

Prevent cybersecurity burnout

Jose Gonzalez, Competitive Intelligence (CI) Senior Analyst

April 12, 2022

I’m willing to wager that pretty much everyone has felt the symptoms of burnout at some point in their career. Some people have a problem saying “no” when new requests come in, or their ambition gets the better of them and they believe that the more work that piles up, the more secure they feel in their job. However, in IT, and specifically in the field of cybersecurity, burnout may not always be self-induced.

So, how do we define burnout? A general definition is:

“A psychological state of physical and emotional exhaustion thought to be a stress reaction to a reduced ability to meet the demands of one’s occupation; symptoms include fatigue, insomnia, impaired work performance, and an increased susceptibility to physical illness.”

While this applies to many occupations, alert fatigue within the world of cybersecurity is a very real problem. With the adoption of cloud technologies as well as DevOps principles, organizations are constantly accelerating the pace of software and service delivery. And while that well-oiled CI/CD machine will continue to run efficiently, the security teams are tasked with ensuring the entire organization’s safety and compliance. If systems are built in an insecure manner, it’s only a matter of time before they are breached by malicious actors, and there is real reputational damage associated with data leaks. Not to mention the costs related to triaging and fully investigating how a hacker got into your system in the first place, let alone what they did while having escalated levels of privilege. Has the attacker somehow created persistence in your environment so they can come and go as they please? If you plug a hole somewhere, have they already created several other backdoors? And how will you be able to detect when or if the same kind of attack occurs in the future?

Tools Should Help
With such a large responsibility placed on security teams, it’s absolutely necessary that they bring in the technology and tools built for securing networks and infrastructure. But which tool or tools should be used for network security? Which tools should be used for infrastructure security? What about workload protection? And identity or data security? It’s a fact that the cybersecurity tools and vendor market is one of the most dynamic markets with new startups coming out of stealth mode on a regular basis. Just take a look at Momentum’s Cyberscape below:


[Figure: Momentum Cyberscape 2021]

After looking at the sheer number of vendors and tools in the cybersecurity market, it’s easy to understand that, on average, enterprises can have 45 or more security tools deployed! A problem begins to arise from the procurement of too many tools. In actuality, too many tools can severely impair a security team’s ability to protect their organization efficiently. But why and how exactly is this a problem?

Let’s think about it. If you have ten security tools in your arsenal, your staff needs to understand how each of those tools functions and what benefit it provides. What if each security tool requires its operators to create custom policies and security rules? Well, then your staff needs to learn the appropriate rule syntax for each tool. Now let’s say you’ve written rules, you’ve set up the appropriate notification channels, and you turn everything on. It’s almost a certainty that the number of alerts and security events generated will be overwhelming or even unmanageable. Human analysts simply don’t have the time to review and investigate hundreds or thousands of alerts. The only way to reduce the noise is to begin suppressing rules. But this can lead to true indicators of compromise being completely missed, which is the opposite of the result the security team is aiming for.

The Cybersecurity Talent Shortage and Burnout
A startling revelation is that the cybersecurity talent shortage is entering the sixth year with little to no progress or end in sight. Cybersecurity professionals have a 0% unemployment rate. Zero! What that means is any engineer with a background in security has a guaranteed job if they want it. With millions of open security positions yearning for someone to fill them, it’s no surprise that most security teams are lean by default. So, if your idea was to hire more security professionals to combat the avalanche of alerts and events that are being generated on a daily basis, you may be completely out of luck. You simply cannot hire your way out of this particular problem.

This places an additional burden on your existing resources. Thinking back to the original definition of burnout, many security professionals may start to believe that the demands of their jobs are unachievable. And when a valuable team member finds a new job and leaves your organization, there’s a strong chance their role will go unfilled for some time, only adding strain to the already-stretched-too-thin resources left on the team. The result? You guessed it. More burnout. More turnover. It’s a self-perpetuating cycle that is backed by research. According to the Life and Times of Cybersecurity Professionals 2021 Report:

“The top ramifications of the skills shortage include an increasing workload for the cybersecurity team (62%), unfilled open job requisitions (38%), and high burnout among staff (38%).”

At this point, every hiring manager should be expecting difficult questions from anyone who interviews for a security position. How many security tools are deployed? On average, how many alerts do security analysts receive on a daily basis? What is the stress level like on the team? How automated is your approach to cloud security?

Is There A Solution?
As a result of the global pandemic pressing organizations to adopt cloud technologies, there has been a parallel rise in cyberattacks. And legacy security tools that rely on constant rule writing produce too many alerts because of the amount of data that is generated by the cloud and the constantly changing nature of cloud-native applications. Attackers are constantly developing novel and sophisticated attacks, which leaves so much unknown to security teams. Add in staff and talent shortages, plus resources who are feeling the symptoms of burnout, which impacts their work performance, and it’s the perfect storm for any organization. So, is there a solution?

In this modern age of cybersecurity, companies are finding more value in taking a data-centric, platform approach when implementing a security solution that is purpose-built for the cloud. By leveraging automation and machine learning in a security solution, for example, an organization can take millions or billions of security signals from cloud accounts and workloads, learn the normal behavioral patterns of thousands of users or entities, identify hundreds of security issues, and surface a handful of high or critical events on a daily basis. By removing the heavy lifting of threat hunting and context gathering, your security analysts won’t be wasting their limited time and energy on manual investigative work. And by providing a high signal-to-noise ratio, cybersecurity professionals won’t be subjected to the extremely high workload demands that typically result in burnout. They may even feel energized and ready to take on securing cloud accounts and cloud workloads, which is one of the toughest challenges in the IT industry at the moment.

It’s time to evolve your security team’s capabilities by adopting a modern cloud security solution to enable rapid innovation while prioritizing safety. Imagine how many more cybersecurity professionals you could hire by letting them know your organization is using a cutting-edge technology solution that has significantly reduced your employee burnout by completely automating all the manual and redundant tasks a typical analyst is accustomed to. And all without ever writing a single security rule or policy.