Stress often has a detrimental effect on decision making and this can have knock-on impacts on operational resilience. A new survey has quantified the causes of stress in cyber resilience teams and looks at possible ways to help with this. Justin Vaughan-Brown gives more details...
SecOps professionals and C-Suite executives have been on the edge of their seats with the number of ransomware attacks plaguing the industry. While stress is an inevitable part of most jobs today, high-profile jobs face an overwhelming amount of pressure. This can have serious effects on the mental health of an individual.
In the latest research carried out by Deep Instinct, we gauged the stress level of 200 C-Suite executives and high-level cyber security professionals in the UK. The findings highlighted that an alarming 90 percent of security professionals admitted to being stressed at their job, and nearly half of employees have even considered leaving the industry.
As the cyber threat landscape grows continually, so does the stress on these professionals. It is therefore essential to understand what has caused so much stress to these individuals and how it can be limited.
Reasons for cyber stress
C-Suite executives, SOC teams, as well as senior cybersecurity professionals and cyber frontliners all feel stressed about protecting their organization. However, different designations come with different stressors. Our report narrowed down the top three factors causing stress to senior cyber security professionals and to chief information security officers (CISOs).
The report unmasked that the majority of the stress caused to senior cyber security professionals and to CISOs (51 percent) is due to the threat of ransomware. If an organization is hit by a ransomware attack, it is the CISOs job to make the right decisions and a minor lapse in judgement can have a devastating impact on the enterprise. The fear of the next supply chain attack (49 percent) and digital transformation impacting security posture are also huge stress factors for CISOs.
Moreover, C-Suites feel an additional amount of stress that comes with making decisions about paying the ransom after an attack. 44 percent of respondents stated that ransomware was the biggest concern for their company’s C-Suites. The report also conveyed that paying a ransom or not is a highly debated topic in many organizations.
Ransom payment fears and regrets
Almost one-third of the respondents admitted that they had paid the ransom among which 44 percent stated that their data was still exposed by the criminal gangs. 38 percent claimed that their entire data was not recovered even after paying the ransom. The respondents paid the ransom for various reasons, most of them (73 percent) did so to avoid downtime while some to avoid bad publicity. However, despite paying the ransom there was no guarantee of a resolution post-attack, with threat actors potentially demanding further ransom payments or publishing the stolen data.
75 percent of respondents claimed that they would not pay ransom in the future. Nonetheless, amongst those who would still pay the ransom demand in the future, there was a widespread fear that they will not remain trouble-free. Most of the respondents (93 percent) did not expect all of their data to be restored, while 65 percent feared that the data that cyber gangs exfiltrated will be made public and 48 percent feared that the attackers set up a back door into their network only to return. The thought that a malware attack might take place again or an attack that took place could have an irrevocable impact can create further stress for employees and the C-suites.
Nonetheless, it is easy to point out that the common element in most of these stress factors is a lack of robust security processes to deal with a high volume of threats. Therefore, organizations need to invest in resources that can minimise human intervention in eliminating potential threats.
However, automated detection tools can actually make things worse due to false positive alerts. 85 percent of respondents on average spend nine hours a week dealing with false alarms. More than three-quarters (78 percent) of respondents mentioned that the rate of false positive alerts has gone up over the past year and some of respondents admitted to turning off the ‘too noisy’ alerts entirely. They added that they either get overwhelmed or simply do not have the time to pay attention to these alerts, which leaves the enterprise in a critical state of vulnerability.
Measures to stop a cycle of stress
It is important to understand what measures an organization can take to not only reduce the stress on its employees but also prevent itself from becoming a victim of ransomware attacks. This is where the ‘assume breach’ approach comes in.
Assuming that an organization’s networks might be breached puts the SecOps professionals on a task to protect the organization with efficiency rather than trying to avoid an attack. 40 percent of respondents stated that a balance between the ‘assume breach’ approach and prevention to reduce false positive alerts will improve the enterprise’s security posture.
Another great step that an organization can take is to deploy advanced AI-based solutions. These solutions will ensure that little to no human intervention is needed to combat threats and provide real-time detection. For instance, the most advanced form of AI, deep learning, can scrutinise thousands of contemporary threats and understand the behavioural patterns of the execution of an attack as well as the attack paths.
AI is the new stress ball
Taking a ‘prevention first’ approach can help reduce the stress burden that security professionals feel. Most security tools implemented across industries now work on the ‘assume breach’ mentality. Threat prevention tools relieve security professionals from the overwhelming pressure that they feel of detecting responding and mitigating these threats.
AI can be the saviour for security professionals in this sense. it is known that conventional machine learning-based security solutions generate a lot of false positives and are often not able to stop threats in real-time. These factors can contribute to a significant amount of stress to security professionals. This means that a solution that can detect threats well before they occur and prevent security incidences is the need of the hour for a business.
Deep learning solutions are developed with a series of compound algorithms that mimic the human brain. The solutions are developed through neural networks that are independently trained through a huge amount of raw data sets containing millions of files and programs.
The deep learning ‘brain’ over time learns to identify these programs which helps determine malicious content by observing their behaviours and activities. Deep learning can therefore prevent unknown or zero-day malware before it enters the network. This takes the burden of critical decisions away from C-suite executives and releases them from the pressure put on the security teams.
Enterprises can rely on AI-enabled tools to help create a less stressful environment. The majority of respondents mentioned that they would rather rely on AI than humans when it comes to hunting threats. The need for greater automation through AI\ML to improve security operations is recognised by 47 percent of respondents in our survey. Moreover, deep learning can detect evolving threats by continuously learning from past and present threat patterns, which reduces false positives and ensures high accuracy.
It is impossible to completely eliminate stress from the field of cyber security, but because of deep learning, this stress can be reduced significantly. A prevention-first approach helps organizations reduce their security maintenance cost and focus on resources needed for more critical cyber defence issues. It, therefore, acts as a stress ball for security teams and C-suite executives.
Justin Vaughan-Brown is VP Market Insight at Deep Instinct.