By Richard Davies, Director AN/Z at Lacework.
I’m willing to wager that pretty much everyone has felt the symptoms of burnout at some point in their career. Some people have a problem saying “no” when new requests come in or their ambition gets the better of them and they believe that the more work that piles up the more secure they are in their job. However, in IT and specifically in the field of Cybersecurity, burnout may not always be self-induced.
With the adoption of cloud technologies as well as DevOps principles, organisations are constantly accelerating the pace of software and service delivery. While that well-oiled CI/CD machine will continue to run efficiently, the security teams are tasked with ensuring the entire organisation’s safety and compliance. Alert fatigue within the world of cybersecurity is a very real problem.
Tools Should Help
With such a large responsibility placed on security teams, it’s absolutely necessary that they bring in the technology and tools built for securing networks and infrastructure. However, with the sheer number of vendors and tools in the cybersecurity market, businesses can have, on average, 45 or more security tools deployed! With too many tools, you can run into problems. In actuality, too many tools can severely impact a security team’s ability to truly protect their organisation efficiently, but why and how exactly is this a problem?
If you have ten security tools in your arsenal, your staff needs to understand how each of those tools function and what benefit they’re providing. Then your staff needs to learn the appropriate rule syntax for each tool. Now let’s say you’ve written rules, you’ve set up the appropriate notification channels, and you turn everything on. It’s almost a certainty the amount of alerts and security events that are generated will be overwhelming or even unmanageable. The only way to reduce the noise is to begin suppressing rules. This, however, can lead to true indicators of compromise being completely missed, which is the opposite of the result the security team is aiming for.
The Cybersecurity Talent Shortage and Burnout
Data from the CyberSeek platform shows that in the 12 months to September 2020 there were over 14,000 job openings for dedicated and related cyber security roles in Australia. According to the Cybersecurity Workforce Study 2021 from industry group the International Information System Security Certification Consortium, or (ISC)2, there is still a cybersecurity workforce gap of 25,000 in Australia, 16,000 in Singapore and 1.42million across APAC.
So, if your idea was to hire more security professionals to combat the avalanche of alerts and events that are being generated on a daily basis, you may be completely out of luck. You simply cannot hire your way out of this particular problem.
This places an additional burden on your existing resources and many security professionals may start to believe that the demands of their jobs are unachievable. When a valuable team member finds a new job and leaves your organisation, there’s a strong chance their role will go unfilled for some time, only adding strain to the already-stretched-too-thin resources left on the team. The result? More burnout. More turnover.
Is There A Solution?
As a result of the global pandemic pressing organisations to adopt cloud technologies, there has been a parallel rise in cyberattacks. Legacy security tools that rely on constant rule writing produce too many alerts because of the amount of data that is generated by the cloud and the constantly changing nature of cloud-native applications. Attackers are constantly developing novel and sophisticated attacks, which leaves so much unknown to security teams. Add in tool sprawl, staff and talent shortages, plus resources whose work performance is impacted by the symptoms of burnout and it’s the perfect storm for any organisation. So, is there a solution?
In this modern age of cybersecurity, companies are finding more value in taking a data-centric, platform approach when implementing a security solution that is purpose built for the cloud. By leveraging automation and machine learning in a security solution, for example, an organisation can take millions or billions of security signals from cloud accounts and workloads, learn thousands of user or entity’s normal behavioural patterns, identify hundreds of security issues, and surface a handful of high or critical events on a daily basis. By removing the heavy lifting of threat hunting and context gathering, your security analysts won’t be wasting their limited time and energy with manual investigative work. And by providing a low signal-to-noise ratio, cybersecurity professionals won’t be subjected to the extremely high workload demands that typically result in burnout. They may even feel energised and ready to take on securing cloud accounts and cloud workloads, which is one of the toughest challenges in the IT industry at the moment.
It’s time to evolve your security teams’ capabilities by adopting a modern cloud security solution to enable rapid innovation while prioritising safety. Imagine how many more cybersecurity professionals you could hire by letting them know your organisation is using a cutting-edge technology solution that has significantly reduced your employee burnout by completely automating all the manual and redundant tasks a typical analyst is accustomed to? And all without ever writing a single security rule or policy.
