For IT professionals, the last few months have been brutal – never mind the last year of making sure everyone in the organization has the tools they need to be productive and secure for remote work.
On top of the constant barrage of ransomware and phishing attacks, and the work of making sure employees aren’t downloading malware and crippling the entire organization with the click of a mouse, there are very real nation-state cyber threats in the wild that IT pros and incident response teams have been dealing with since December.
Two recent nation-state campaigns that have kept IT professionals up at night are the SolarWinds supply chain attack and the exploitation of the ProxyLogon Microsoft Exchange Server vulnerabilities.
Depending on your organization’s level of exposure, cybersecurity expertise on staff and ability to spend on defenses, stress levels could be at an all-time high. We talked to several cybersecurity experts and incident response professionals about how to deal with that stress.
Especially when responding to cyberattacks and digging through the organization’s environment to look for indicators of compromise, burnout is a huge risk because that process alone can take hours, days or weeks, says Chris Loehr, executive vice president of Solis Security, a Texas-based managed security services provider.
“There’s no way we can have somebody work 24-36 hours and then expect them to take an hour nap and be ready to go,” Loehr says. “It just doesn’t work that way.”
Instead, organizations should set those expectations up front so everyone knows what is and what isn’t expected of them. No one person should be wearing every hat in IT – especially in cybersecurity.
Increase your IT staff to levels that not only allow everyone a sufficient amount of downtime and time off, but also provide enough manpower and support for incident response.
“So we need to have somewhat of a supporting staff so that it’s no different than a doctor in an operating room with supporting staff or whatever the case may be,” Loehr says.
During very stressful situations, IT pros should monitor their stress levels since stress could negatively impact their work and lead to even more headaches for the organization.
Set expectations for leadership
Being a victim of ransomware or information theft can be very stressful for organizations – especially for the person who opened the attachment in the email or the organization’s leadership, which demands a quick response. They are likely agonizing over lost revenue, declining business, reputational harm and the irrational thoughts that often come with a cyberattack.
“They’re just banging the door for answers,” Loehr says.
However, there isn’t any magic button that will solve the issue, secure their network and kick out the bad guys. Forensic analysis takes time – sometimes days, weeks or even months.
That constant pressure from leadership to get answers can wear on IT professionals and cybersecurity experts who are already working around the clock to solve the problem in addition to their other duties.
“You really have to deescalate the situation,” Loehr says.
Don’t try to do it all
Loehr says his company itself has developed a trusted network of professionals that can help respond to incidents at a moment’s notice, which takes the hassle out of having to send his employees on airplanes or trains to a client.
Likewise, internal IT departments should not – and cannot – do it all themselves.
Adam Kohnke, an information security manager at the Infosec Institute, said he used to run a 10-person identity and access management team that processed 18,000 transactions per year, and burnout was tough to deal with due to the volume of that work.
One of the things he did to take some of the workload off his employees was to implement a guest worker program, which entailed borrowing employees from other business units that had some downtime.
That necessitates having a solid training program in place to make the temporary transition efficient and successful, but it can really reduce workload and stress levels.
“We would borrow auditors and other individuals to help with simpler requests like setting up new users, folder access requests or performing access terminations which would take some stress off my primary analysts and provide other employees the opportunity to develop new skills within the business,” Kohnke says.
Don’t just wait around for incidents to happen – plan, prepare, practice and patch
One of the reasons organizations get compromised in the first place is a lack of good cybersecurity defenses like firewalls, email filters and multi-factor authentication, along with poor vulnerability management.
Cybercriminals are smart, and they share information amongst each other much better than their counterparts on the good side of the fight. Rather than resigning themselves to always being one step behind hackers, IT teams should be more proactive and take regular steps to ensure that the organization is secure.
David Janssen, founder of VPNOverview.com and a cybersecurity analyst, says cybercriminals try to dictate the pace at which IT teams work, so planning workloads ahead of time can be challenging.
To lighten that burden, organizations should invest in prevention and a cybercrime strategy, Janssen says.
“Make sure the team is well equipped: invest in training, the proper tools and software, and make sure the team has enough members with the right backgrounds,” Janssen says.