Everyone is burned out. That's becoming a security nightmare

Two years into the pandemic and the challenges around remote working are taking their toll. We're making bad tech security decisions as a result.
Written by Danny Palmer, Senior Writer

Cybersecurity workers and other employees are suffering from a high level of burnout that is putting organisations at greater risks from cyberattacks and data breaches.

Research by cybersecurity company 1Password suggests that the challenge of remote working two years into the COVID-19 pandemic is leaving staff feeling burned out and less likely to pay attention to security guidelines.

According to the survey, burned-out employees are more apathetic about workplace cybersecurity measures and are three times more likely to ignore suggested best practices.

SEE: A winning strategy for cybersecurity (ZDNet special report)

Risky behaviours include downloading software and apps without IT's express permission, and thus increasing the amount of shadow IT on networks that's difficult for the IT department to properly manage. There's also the risk that these employees could download fake or malicious versions of apps, which could potentially deliver malware and other threats from hackers.

The paper also warns that burned-out employees are much more likely to use easy-to-guess passwords to secure their corporate accounts. The use of weak passwords makes it much easier for cyber criminals to breach accounts and use that access to snoop around the network, steal information and lay down the foundation for wider malicious activity.

"The biggest threat is internal apathy. When people don't use security protocols properly, they leave our company vulnerable," said one unnamed cybersecurity professional cited in the report.

In many organisations, it's cybersecurity staff who are there to counter activity that could make the network vulnerable to cyberattacks – but according to the paper, cybersecurity professionals are more burned out than other workers. The research suggests that 84% of security professionals are feeling burned out, compared with 80% of other workers.

And when cybersecurity employees are burned out, they're more than likely to describe themselves as "completely checked out" and "doing the bare minimum at work" – something that one in 10 cybersecurity professionals described as their state of mind compared with one in 20 of other employees.

That attitude could easily result in security threats being missed or flaws not being fixed in time, something that could put the whole company at risk from cyber incidents.

"Pandemic-fueled burnout – and resultant workplace apathy and distraction – has emerged as the next significant security risk," said Jeff Shiner, chief executive officer at 1Password. "It's particularly surprising to find that burned-out security leaders, charged with protecting businesses, are doing a far worse job of following security guidelines – and putting companies at risk".

The rise of remote and/or hybrid working has changed many workplaces in a permanent way and it's vital that the correct cybersecurity strategies are put in place to manage risk.

Additionally, managers need to talk to employees about the challenges working from home can bring in addition to the benefits – therefore, gaining a better understanding over why burnout happens and what can be done to counter both burnout and the associated security risks.

"It's now a business imperative for companies to engage the humans at the heart of security operations with tools, training and ongoing support to create a culture of security and care that helps us all stay safe at work," said Shiner.


Editorial standards