45% of cybersecurity professionals have considered leaving the industry due to stress, research shows

Today, Deep Instinct, provider of end-to-end cybersecurity deep learning, released the Voice of SecOps report examining the stress levels of 1,000 C-suite and senior cybersecurity professionals.

The study found that 45% of cybersecurity professionals have considered leaving the industry, and 46% know at least one person who left cybersecurity altogether in the past year due to stress.

The main reasons for the stress level include the relentless threat of ransomware and the expectation of analysts to always be on call or available.

Findings highlight that traditional security approaches, which rely on a mix of disparate high-alert surveillance solutions, are unsustainable or unequipped to deal with the ransomware threat, creating a stressful work environment for security teams leading to a “great resignation.” ‘

Why is ransomware so stressful: a lose-lose situation

Ransomware is one of the most stressful incidents for cybersecurity professionals to deal with, as the operational impact can be catastrophic, as demonstrated by last year’s Colonial Pipeline attack.

Likewise, security guards are in a lose-lose situation, forced to either risk not paying a ransom and lose access to key data, or pay a ransom and trust the intruder to decrypt the stolen data .

All too often, attackers will not honor ransom payments, with the study showing that while 38% of respondents admit they paid a ransom, 46% said their details were still exposed by the hackers and 44% said they were couldn’t recover their data.

At any point during ore remediation, negotiation, or recovery, safety analysts take the blame when something goes wrong.

“In a culture of blame, the pressure of failure weighs heavily on security analysts. Having visibility across the entire IT landscape is a challenge that blinds them to many issues,” said Karen Crowley, Director of Product Solutions at Deep Instinct.

“They work long hours, sometimes 16 to 18 hours a day, to keep the company safe, and the responsibility of detecting a misconfiguration or failure of an employee who clicks a malicious link falls back on them,” he said Crowley.

The combination of an “imminent threat of violation”, the pursuit of false flags, and blaming for violations creates a very high-pressure work environment in which analysts must work.

How can security teams respond to ransomware threats?

The best defense security teams have against ransomware threats is prevention.

While easier said than done, you should proactively manage the attack surface and mitigate vulnerabilities in the environment and educate staff on security best practices such as: For example, choosing strong passwords and not clicking on links or attachments in emails from unknown senders.

When defenses fail, as the average ransomware attack takes just over 3 days from start to finish, successful intruders have security analysts limited time to respond to prevent data loss or encryption.

For this reason, Crowley recommends companies invest in technology that helps reduce false positives so security teams have more visibility into their environment while freeing up time for higher-value work rather than chasing false flags.

She also notes that companies are investing in solutions to send alerts to EDR, SIEM or SOAR solutions with higher fidelity so security analysts can investigate prevented events and uncover active threats on the network faster.

Of course, managed services also play a role in supporting overburdened security teams, especially when they are understaffed or understaffed.