The relentless threat of ransomware is pushing cybersecurity workers to quit

The relentless threat of ransomware is pushing cybersecurity workers to quit

fake images

Security researchers have warned of “increasing and unsustainable levels of stress” in the cybersecurity workforce as a result of persistent ransomware threats and impending large-scale attacks, which are pushing security professionals out of the industry altogether. .

A report from cybersecurity firm Deep Instinct found that 46% of senior and executive-level cybersecurity professionals have considered leaving the industry due to stress.

This is being driven by a “relentless ransomware threat,” the researchers found, as well as supply chain attacks on a scale similar to the 2020 SolarWinds attack and the 2021 Kaseya ransomware incident, both of which had long-lasting consequences and long range. for affected organizations.

SEE: SolarWinds: Here’s how we’re building it all around this new cybersecurity strategy

The burden of preventing such attacks weighs heavily on those tasked with keeping networks and broader organizational systems secure, Deep Instinct discovered. Over 90% of cybersecurity professionals are stressed in their role, and a “significant proportion” of professionals admit this is negatively impacting their ability to do their jobs.

Those in leadership positions are likely to feel industry pressures most acutely, according to the report: One in three C-Suite executives, including CISOs, CTOs, ITOs and chief IT strategists, said they were ” very stressed.”

“More cybersecurity professionals than ever before are seriously considering leaving the industry permanently as a result of these pressures, with potentially catastrophic consequences for organizations that rely on their surveillance,” the report says.

Cybersecurity burnout and fatigue have been exacerbated by the move to remote work, which has made network security more challenging for organizations.

The reduced oversight cybersecurity teams have over devices in a remote environment makes it more difficult to ensure IT security practices are followed, many IT teams are still not equipped enough to tackle the challenges the job presents remote.

This responsibility puts more pressure on CISOs and other cybersecurity leaders: 52% of C-suite professionals surveyed by Deep Instinct said securing a remote workforce was their top concern. This was followed by the impact of digital transformation on the organization’s security posture, which the researchers said highlighted the challenges of protecting hybrid environments.

“Senior cybersecurity executives recognize that their stress levels are affecting decision-making and may have implications for companies’ security posture,” the report added.

SEE: Cybersecurity has a desperate skills crisis. Rural America Might Have the Answer

“The stress we are seeing in the cyber industry appears to be accelerating the exodus of talented people from the industry – a particular challenge when many cybersecurity defenses and mitigation processes are human-dependent, requiring constant monitoring and intervention.”

SecOps teams are also burdened with increased workloads and longer hours as a result of persistent cybersecurity threats. Nearly half of respondents who sat outside the C-suite (47%) said they felt pressured to stop every threat, despite acknowledging it was impossible to do so, while 43% felt there was an expectation to always be there. on call or available. .

The researchers identified a “widespread adoption of completely counterproductive measures” to alleviate stressors, such as turning off “overwhelming” alerts.

Lack of tools to perform their role properly and staff shortages were cited as major challenges by 40% of respondents, respectively.

“The results show that there is no clear winner that reinforces why stress levels are so high,” the researchers said. “Without a single focus on one type of attack, resources are strained and it’s obvious to see how a SecOps team can feel deflated in the face of the challenges they face.”

The ‘universal threat’ of ransomware

Cybercriminals have benefited from the move to remote work, and ransomware incidents have increased significantly in the last two years.

While organizations are generally advised not to pay hackers in exchange for encrypted data, cybersecurity professionals do so to avoid downtime and associated reputational damage should the attack become public. .

SEE: Ransomware payments: Here’s what being a victim will now cost you

More than a third (38%) of respondents admitted to experiencing a ransomware attack and paying the ransom in exchange for the decryption key, compared to 62% who did not pay. And yet, paying hackers does not guarantee the safe return of company data: 46% of those who paid for said records or sensitive information were exposed anyway, while 45% were unable to restore all their data. data. Another 23% of respondents were affected by a subsequent extortion demand after paying the ransom.

deep instinct Voice of SecOps Report 2022 was based on responses from 1,000 senior cybersecurity professionals from companies in the US, UK, Germany, and France.

All interviewees worked for companies with 1,000 or more employees, and for companies with annual revenue of at least $500 million in financial services, retail and e-commerce, healthcare, manufacturing, public sector, critical infrastructure, and technology.

Leave a Comment