Cybersecurity teams are struggling with burnout, but the attacks keep coming

Coronavirus has obliged many organisations to force security teams to work remotely - and that's making the job of securing whole businesses against threats much harder.
Written by Danny Palmer, Senior Writer

Cybersecurity teams are facing new challenges to how they work as the Covid-19 pandemic has forced many security operation centres (SOC) to work remotely while also having to deal with new threats – all of which is leading to higher workloads and an increase in burnout for staff.

Research by the Ponemon institute and Respond Software surveyed information security staff and found that the coronavirus pandemic is increasing hours and workloads of staff in a profession that was already a high intensity environment for people to work in.

The events of 2020 saw many office-based teams shift to working remotely and that was the same for a significant number of cybersecurity personnel. More than one third of SOC environments shifted to working remotely as a result of the pandemic. While this has understandably happened to protect people from the virus, over half of those now working remotely say it's had an impact on operations.

SEE: Top 100+ tips for telecommuters and managers (free PDF) (TechRepublic)

That comes at a time when security teams having to deal with a range of threats including phishing, malware and ransomware – and defending against them has become even more challenge as businesses have adapted to entire workforces working from home.

The switch to working remotely has provided cyber criminals and malicious hackers with additional avenues to potentially enter corporate networks as employees connect to work systems from their home internet connections and even their personal computers.

This has created additional challenges to securing endpoints when it was already challenging within a corporate environment – while security teams are also trying to balance work with the additional pressures of working from home.

"Working remotely is subject to distractions that you would not typically have in a physical SOC, such as family, friends, pets, roommates or even not having a good home setup, such as working from the couch versus your typical desk," Chris Triolo, vice president of Respond Software told ZDNet.

"This can make it hard for the analyst to stay productive and focus on defending against bad actors as they should, creating additional stress for the SOC analyst."

According to the survey, the additional pressure of working in cybersecurity while also working from home has lowered morale of SOC staff, with three-quarters stating that they've experienced burnout as a result.

SEE: Coronavirus: Business and technology in a pandemic (ZDNet Special Feature)

Such is the extent of burnout that some security analysts are leaving their roles while organisations are attempting to attract – and retain – employees by offering higher salaries than ever before. According to the research paper, the average salary of a security analyst stands at $111,000, up from $102,000 a year ago.

"The SOC operates best when it is in-person and most industry professionals would likely agree with that sentiment. However, it is safe to say that some organizations may prefer to keep the SOC remote due to various factors including lowering rent costs of office space," said Triolo.

Whatever happens, organisations need to learn how to manage cybersecurity when staff can't work from the office – and be more prepared if another event forces a similar pattern of remote working in future.

"Regardless of if the SOC goes back to becoming an in-person entity or not, organizations have now learned that disaster and emergency plans need to go beyond just a physical disaster like a fire or a flood. We need to start thinking about situations like a pandemic where security analysts may be physically displaced and unable to safely be in the same room together at work," Triolo said.


Editorial standards