A lack of time and a lack of executive support are two of the top causes of stress, according to a LogRhythm report.
Security professionals often face a host of stressful factors as they strive to do their jobs. Lately, the coronavirus pandemic and the resulting shift to remote working have added more strain to an already challenging role. But even under normal circumstances, specific issues can trigger stress in the working life of a security pro. Based on a survey, a report released Tuesday by security company LogRhythm looks at some of these stressors and offers advice on how organizations can reduce them.
Teaming up with independent research firm Dimensional Research, LogRhythm surveyed more than 300 security professionals and executives around the world. Based on the data, the report entitled "The State of the Security Team: Are Executives the Problem?" found that 75% of the respondents said they have more work stress now than two years ago. Various reasons were cited for the increased stress, but the top two were lack of time and lack of executive support.
Lack of time is an issue faced by so many working professionals. But lack of executive support can be especially difficult when dealing with critical security projects and priorities. Some 57% of those surveyed said their security program lacks proper executive support. The lack of executive buy-in also has led some professionals to think about leaving their jobs.
Among all the respondents, 42% said that executives not being held accountable for strategic security decisions was a key reason for them considering leaving their jobs. Among others who thought about leaving their jobs, 40% cited too much job stress, 32% mentioned excessive work after hours fighting security emergencies, and 25% pointed to security team members not being held accountable for their actions.
The survey also looked at the tools used by security professionals to combat cyberthreats, another area that can trigger stress. Among the respondents, 93% said they lack the tools needed to detect known security threats, 68% said they have overlapping security solutions, and 56% admitted that this security solution overlap is unplanned. Further, only 32% said they have a real-time dashboard view of all their security solutions.
Many of those surveyed acknowledged certain gaps in their security posture. Looking at tools that help prevent security threats, respondents cited gaps in such areas as identity and access management (IAM), data loss prevention (DLP), web security (filtering), and distributed denial of service (DDoS) mitigation.
And looking at tools that help detect security threats, the respondents pointed to gaps in areas such as security information and event management (SIEM), intrusion systems (IDS, IPS, etc.), network traffic analytics (NTA), user and entity behavior analytics (UEBA), and network detection and response (NDR).
Based on the survey results, LogRhythm discovered five factors that could alleviate stress for security professionals and help them more effectively do their jobs:
- Increased security budget (both to fund security tools and solutions and to grow headcount).
- More experienced team members.
- Support from the executive team.
- Fully staffed security team to reduce lingering open headcount.
- Help from other departments to comply with security mandates.
Asked what type of additional support their security program requires, 58% of respondents cited increased funding for tools, 49% pointed to help getting other departments to comply with security requirements, and 47% mentioned increased security team size. Other factors that would make a difference were a clear strategic vision and better executive buy-in.
Beefing up the security staff is one step that should reduce stress for individual team members. Though 25% of those surveyed said their organizations aren't looking to hire any additional staff, the rest of the respondents revealed that they're seeking to hire anywhere from one to more than 10 additional employees.
Finally, consolidating security tools is another task that could help with stress levels. Asked what benefits they think would be achieved by such a move, 63% pointed to less maintenance (fewer solutions to update, configure, etc.), 54% cited faster issue detection, and 53% pointed to quicker issue identification. Other benefits mentioned were faster issue resolution, lower costs (reduced licenses, equipment, etc.), improved security posture, and the ability to more easily share security status and events with executives.
"Now, more than ever, security teams are being expected to do more with less leading to increasing stress levels," James Carder, CSO and VP of LogRhythm Labs, said in a press release. "With more organizations operating under remote work conditions, the attack surface has broadened, making security at scale a critical concern. This is a call to action for executives to prioritize alleviating the stress and better support their teams with proper tools, processes, and strategic guidance."
The survey targeted security professionals and executives at medium businesses to large enterprises. Conducted in April 2020, the survey elicited responses from 308 people across six continents: North America, South America, Europe, Africa, Asia, and Australia.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)