As the cyber threat landscaping continues to evolve and grow, organizations are increasingly focusing on acquiring more technology to improve their cybersecurity posture. Consequently, the human element of cybersecurity is ignored or underprioritized. Yet, when it comes to cybersecurity and the people charged with protecting your organization, the human component is critical. This is especially true for cyber teams, where a smoothly running team depends on the human element to examine the mounds of security alerts that are received daily and identify which ones are worth escalating, investigating, and responding to. When you ignore this fundamental cyber team truth, you harm your cybersecurity team and the cybersecurity of your organization.
Cybersecurity teams regularly confront a punishing list of challenges. They face a complex and continuously evolving threat landscape, a persistent cyber security skills gap, leadership issues, budget constraints, and more. To respond to alerts effectively in the midst of all of these challenges, cybersecurity analysts must unceasingly apply extra concentration, energy, and time. The result of such a chaotic, demanding environment? Stress and burnout.
The toll that a sustained high-pressure environment takes on analysts is significant. According to Palo Alto Networks’ recent state of security operations report, “96% of the analysts polled said they feel significant personal impact following cybersecurity breaches and more than one-third reported feeling anguish or losing sleep.” When employees experience burnout they become lethargic and unmotivated, creating a problem not just for other analysts and the cyber team as a whole, but also for the cyber defense of the entire organization.
Indeed, the extent of burnout is so great, that many security analysts feel the need to leave their roles: The SANS Institute reports that “60% of survey respondents said the stress of working in the SOC caused them to consider changing careers or leaving their jobs”. While keeping a cyber team properly staffed is difficult in the best of times, having to find a replacement for an analyst that just quit creates an added level of pressure on the cyber team. The understaffing problem is further compounded by the long time it takes to fill open cybersecurity positions (sometimes six months or longer according to ISACA).
Given the impact that overstressed cybersecurity professionals have on team performance, recognizing and understanding the human component of cyber security is of paramount importance. Organizations that want to maintain their cybersecurity staff and maintain a robust cybersecurity posture, must find a way to unburden their analysts. They need a way to address the skills gap, leadership issues, and hiring issues, so that the human component is central to cyber team performance, rather than an afterthought.
Putting the human component of performance front and center is about being able to do the follow for your cyber team:
While the right cybersecurity tools and technologies undoubtedly contribute to the success of your cyber team, nothing can replace the human component. Recognizing this, more organizations are looking beyond technical skills and also measuring the soft skills that strongly influence individual and team performance. By keeping the human component front and center, you can help alleviate some of the recurring burdens placed on the cyber team and bring it to the next level of success. To create a truly strong cybersecurity posture, the human component of the cyber team must be nurtured, not neglected.