45% of cybersecurity professionals have considered quitting the industry due to stress, research reveals  

Today, end-to-end cybersecurity deep learning provider Deep Instinct, released the Voice of SecOps report, examining the stress levels among 1,000 C-suite and senior cybersecurity professionals. 

The research found that 45% of cybersecurity professionals have considered quitting the industry and 46% know at least one person who left cybersecurity altogether in the past year due to stress. 

Top reasons for the level of stress include the unrelenting threat of ransomware and expectations on analysts to always be on call or available. 

The findings highlight that traditional approaches to security that rely on a mix of disparate alert-heavy monitoring solutions aren’t sustainable or equipped to deal with the threat of ransomware, and are creating a stressful working environment for security teams that are contributing to a ‘great resignation.’

Why is Ransomware so stressful: a lose-lose situation 

Ransomware is one of the most stressful incidents for cybersecurity professionals to manage because the operational impact can be disastrous, as the Colonial Pipeline attack highlighted last year. 

Likewise, security responders are in a lose-lose situation, forced to either risk not paying a ransom, and losing access to key data, or paying a ransom, and trusting the intruder to decrypt the stolen data. 

All too often attackers won’t honor ransom payments, with the research revealing that while 38% of respondents admitted to paying a ransom, 46% claimed their data was still exposed by the hackers, and 44% saying they couldn’t restore their data. 

At any time during remediation, negotiation, ore restoration, security analysts take the blame if something goes wrong. 

“In a culture of the blame game, the pressure of failure weighs heavily on security analysts. Visibility across the entire IT landscape is a challenge, leaving them blind to many issues,” said Director of Product Solutions at Deep Instinct, Karen Crowley. 

“They are working over hours, sometimes 16-18 hours a day, to keep the organization secure and the responsibility to catch a misconfiguration or mistake by an employee clicking on a malicious link falls back on them,” Crowley said. 

The combination of an “imminent threat of a breach,” chasing false flags and taking the blame for breaches creates a very high pressure working environment for analysts to operate in. 

How can security teams respond to ransomware threats

The best defense that security teams have against ransomware threats is prevention. 

While this is easier said than done, proactively managing the attack surface and mitigating vulnerabilities in the environment, and educating employees on security best practices, such as selecting strong passwords and not clicking on links or attachments in emails from unknown senders. 

If prevention fails, given the average ransomware attack takes a little over 3 days from start to finish, successful intrusions give security analysts limited time to react to prevent data loss or encryption.  

As a consequence, Crowley recommends that organizations invest in technologies that help to reduce false positive alerts, so that security teams have more visibility over their environment, while having time for higher value work rather than chasing false flags. 

She also notes that organizations invest in solutions to send higher fidelity alerts to EDR, SIEM, or SOAR solutions so that security analysts can investigate events that have been prevented and uncover active threats on the network faster. 

Of course, managed services also have a role to play in supporting overburdened security teams, particularly if they’re under-resourced or understaffed.