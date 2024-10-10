Comment - World Mental Health Day - ISMS.Online, Logpoint, Integrity360

October 2024 by ISMS.Online, Logpoint, Integrity360

As today is World Mental Health Day, a pressing issue in the cybersecurity sector due to workloads, legislation and cutbacks, the comments from spokespersons at ISMS.Online, Logpoint and Integrity360.

ISMS.Online

"There’s no question that cybersecurity has become a huge burden on mental health, both for those tasked with securing their assets and those dealing with the repercussions of an attack. This has manifested with the shift from "if" to "when" an attack might occur and has intensified the pressures individuals face across all organisational levels.

This reality not only heightens the stakes but also adds significant mental strain as employees grapple with the complexities of modern cyber threats. In line with World Mental Health Day, we are reminding individuals that "Cyber Security Starts With You," and highlighting that the responsibility for cybersecurity extends far beyond simply the CISO and IT teams.

Every team member, regardless of their role, has a part to play in fostering a secure environment. The burden of cybersecurity should not rest solely on the shoulders of a few; rather, it is a collective responsibility that requires engagement from everyone. This shared approach can alleviate the mental load associated with the fear of breaches and compliance failures.

While the added responsibility may seem daunting, it is essential to recognise that small, proactive steps can make a substantial difference. Employees can start by participating in training sessions, staying informed about potential threats, and practicing good cyber hygiene. These actions not only enhance individual awareness but also contribute to a culture of resilience within the organisation.

Being prepared and knowing how to respond effectively when an attack occurs can significantly reduce anxiety and stress. By nurturing an environment where everyone is involved in cybersecurity, we can transform what may feel like an overwhelming burden into a manageable, shared effort.

By fostering a culture of cyber awareness and taking small steps like staying informed about security best practices and following compliance frameworks, it can go a long way in making the workplace more secure and reducing the anxiety that comes with the weight of responsibility.

By starting small, staying informed, and supporting each other, we can prioritise both our organisational security and our mental well-being." Luke Dash, CEO, ISMS.online

Logpoint

"One of the most stressful jobs in the cybersecurity sector has to be that of the security analyst. Tasked with monitoring the alerts generated by tooling in the Security Operations Centre (SOC), it’s not unusual for an individual analyst to have to triage, investigate and escalate in excess of 100 alerts during a 12 hour shift as well as communicate with customers, write lengthy reports and threat models and create threat advisory releases.

It’s an unsustainable way of working that sees the analyst lurch between rapid decision making and deep problem solving, resulting in burnout. Every time an alert is generated, the analyst has to react, triggering a stress response. It’s like cold-starting an engine a hundred times a day and inevitably leads to the analyst becoming desensitised. Coping mechanisms kick-in as the brain seeks to find ways to protect itself, and without sufficient positive feedback the analyst becomes demoralised and demotivated, so that even when a genuine alert does happen, they struggle make the right call and respond appropriately.

Alert fatigue is a recognised problem but it remains a guilty secret. Analysts feel they should be able to cope and feel unable to ask for help not just from within their team but even on online forums. The job is not the one they signed up for, which was to hunt for threats and refine and hone their skills, and all too often it leads to them quitting the industry entirely because they know the role will be the same even under a different employer.

It’s an issue compounded by the way threats are evolving. Attackers are increasingly using techniques that leave no real trace and utilise the resources of the operating systems, so-called Living off the Land (LotL) attacks. Detection rules then have to be set up to look for ’normal’ behaviours and this then generates even more false positive alerts. In addition, Generative AI is being used to write malware faster while tactics, techniques, and procedures (TTPs) are becoming more difficult to detect, rendering classic detection useless. This then further reduces the likelihood of true positive alerts being generated.

So, how do we address these issues and destress the role? One approach is to look at the sequence of detection instead of feeds and speeds. Using AI, it’s possible to assess and interpret suspicious or malicious activity before handing it over to the analyst in an approach known as Contextual Threat Prioritisation (CFP).

If the sequence of events detected is correlated with threat intelligence and fed through AI it can be used to determine what we are seeing, how far the attack has progressed, and to present what the next steps should be in the investigation. AI is used to qualify the threat by asking simple questions on top of a sequence of detections to describe what we’re seeing and prescribe what should be done about it, instead of serving up every single alert to the analyst.

Essentially, AI will present a chain of events to the analyst only at the point when it becomes statistically unusual and warrants human eyeballs on it. In doing so it will help increase the efficiency of the analyst but ultimately also allow them to spend their time on the things that they enjoy which is why they signed up to the job." Christian Have, CTO, Logpoint

Integrity360

"The impact of cybersecurity on mental health, particularly among IT decision-makers who are on the frontlines of defending sensitive data, is a growing concdern. In fact, 2023 research from Integrity360 revealed some concerning trends. Almost 70% of IT leaders reported that budget cuts had negatively impacted their mental health, and 55% noted a reduction in access to mental health resources due to economic challenges. The resurgence of ransomware and the pressure to protect data were also causing sleepless nights, with nearly 60% of IT professionals admitting these factors have worsened their mental well-being.

Protecting sensitive data (48%) remains the top challenge keeping decision-makers awake, but this is closely followed by managing risk and compliance (28%) and ransomware (25%). The resurgence of ransomware, in particular, was cited as a major source of stress, with 57% of those surveyed acknowledging its negative impact on their mental health. As businesses face sophisticated attacks like double extortion, the pressure to protect against evolving threats has intensified, pushing IT leaders to their limits.

In the face of these challenges, it’s clear that cybersecurity isn’t just a technical issue—it’s a mental health one too. While 70% of IT leaders noted that their organisations provide some support for mental health, 75% called for further investment in these resources. As cyber threats continue to evolve, so too must the support provided to those tasked with defending against them.

Organisations must take a proactive approach and need to be prepared to respond to cyberattacks effectively. This means investing in both security solutions and mental health resources. Enlisting third-party support or outsourcing to a Managed Security Service Provider (MSSP) can help relieve some of the pressure on internal teams, allowing businesses to stay secure while supporting the well-being of their staff.

By sharing the responsibility for cybersecurity across teams and ensuring that the right processes and support systems are in place, organisations can better protect both their data and their people." Richard Ford, CTO, Integrity360