- Technical contribution
- Management, Awareness and Compliance
When stress goes viral
The Coronavirus pandemic has added even greater pressure to cyber security professionals’ stress loads, reports it-sa 365 media partner ‘Cyber Security Europe’ magazine.
Such burnout can cause acute harm at both organisational and individual levels. Directorate heads and chief officers, now closer than ever to cyber governance decision-making, should ensure that executive leaders are apprised of the situation.
For most people chronic mental pressure is an acknowledged performance inhibitor. With respect to cyber security, this is all to the favour of threat actors, because stressed-out CISOs do not lead well and/or do their jobs as effectively as possible – they become more liable to operational slipups and defective leadership.
A stressed IT security work team is unable to watch-out for one of its number who may show signs of inattention. Oversight suffers, and mistakes are made in cyber defence administration that hackers could exploit. Daily concerns related directly or indirectly to Coronavirus compound an already barely tolerable situation. Coronavirus has, of course, caused disruption across many occupations and disciplines, but has held acute resonances for the cyber security profession. Recent increases in opportunistic Coronavirus-related attacks has not meant any lessening of ‘threats-as-usual’ offensive activity.
The pandemic – and the concerns it gives rise to – create perfect conditions for cyber criminals to step-up their activities. Employees are likely more susceptible to phishing and malware attacks in a climate riddled by Coronavirus concern; and a requirement to work remotely might introduce a delay in human response to hack attacks and other intrusions into an organisation’s IT systems.
Then there is also an insider threat dimension to the situation. Employees who, for any reason, take exception to being furloughed, might become more minded to misappropriate workplace data assets. Subsequent employee redundancies would heighten this risk.
Scheduled work routine breaks that might help an individual find respite from the predicament –such as vacations or visits to cyber security industry exhibitions and conferences, like it-sa – are curtailed until the emergency is deemed past.
“In a world increasingly focussed on the scourge of mental illness, it seems appropriate to try to understand the exposure of security professionals to the work-related aspects of this condition,” says the Chartered Institute of Information Security (CIISec)’s ‘The Security Profession in 2020’ report, based on a survey of its members.
In reply to the question ‘Have you or someone you know left a job due to overwork/burn-out?’, 18% of respondents said that they had left a role due to the pressure or risk of ‘burning out’. A further 25% of CIISec members have at least thought about it.
As this year’s pandemic has proved, Europe’s cyber security professionals must now deal with the disruptive impacts of viruses of many kinds.