A new IBM study reveals that two-thirds of professionals report experiencing stress/anxiety during incident response times.
Due to the increase in the number of cyberattacks, which in Latin America alone increased by 4 percent during 2021, cybersecurity professionals admitted that they face high levels of stress when resolving incidents, forcing them to even seek mental health help, according to IBM. A study published within the framework of Cyber Security Day.
According to the study carried out by the consulting firm Morning Consult among 1,100 cybersecurity professionals, the study revealed that a third of those surveyed indicated that the first three days are the most stressful when an incident occurs, while 80% indicated that ransomware has exacerbated psychological demands. . .
That is why Juan Carlos Zeballos, Director of Cybersecurity at IBM Mexico, pointed out in an interview the importance of “humanizing” this activity, “When talking about cybersecurity, it is not only about technology and processes, but also about people that make their work possible”, who require not only constant training, but also attention to their physical and mental health.
In the field of cybersecurity, the saying has spread that the issue is not “if it will happen, but when”. So these professionals are “under quite a lot of stress and pressure, on war alert every day, because you don’t see the enemy, but you know it’s somewhere,” he said.
In this regard, the survey published by IBM reveals that 77 percent of those surveyed who work in cybersecurity tasks stated that the feeling of service was one of the three main reasons for dedicating themselves to the area, followed by the learning opportunity it provides ( 67). . %) and interest in problem solving (60%), among others.
Regarding the work carried out by these professionals, the manager explained that when an incident occurs “they apply everything they have learned when the worst day has passed: how to quickly identify a security breach, how to contain it, how to respond so that the business continues to function”. operate, and that requires a lot of training.” And a lot of practice.
However, Zeballos also pointed out that not only profiles with technical or programming knowledge are sought, as companies now seek to combine profiles from multiple regions that favor creativity in the use of available tools and try to obtain diverse perspectives on how a potential attacker could do an act
According to the 2022 Cybersecurity Workforce Study, there was a gap of 3.4 million professionals worldwide, 26% more than last year. Zeballos considered that this gap could be accentuated in the coming years due to the continuous increase in the attack surface, as more people and processes integrate into the digital world.
He explained that IBM currently contains around 150 billion security incidents per day.
In this sense, “there is a potential solution in automation through the integration of artificial intelligence, not only in processes, but from the design of solutions and products“, which makes the work of employees more efficient.
This trend has also allowed companies to contract security services from third parties, such as managed security service providers, as telcos have found a new growth opportunity by installing Cyber Security Operations Centers, where IBM collaborates in the employee training, best practices and solutions.
The IBM survey also reveals the pressure cybersecurity professionals face when incidents occur, due to lack of personnel or technology. According to the study, 68 percent said it was common to assign the response to two or more overlapping incidents.
Additionally, on average globally, 71 percent of respondents said they were involved in incident response for four weeks or less, although in the United States 39 percent of professionals reported response times of more than four weeks. weeks.
Additionally, globally, 52 percent indicated that they work between eight and 12 hours a day during the most stressful days, 27 percent indicated that the time could be extended to between 13 and 16 hours, and 4 percent more than 18 hours. per day.
Two-thirds (67%) of cybersecurity incident professionals report experiencing stress/anxiety in their daily lives as a result of responding to cybersecurity incidents; About 30 percent also experienced insomnia or fatigue, while 29 percent admitted that it had an impact on their social lives and personal relationships.
However, 95 percent of those surveyed by IBM felt that their organization’s leaders provided them with the support structure they needed to do their jobs efficiently.
Zeballos highlighted that among the best practices in cybersecurity is the rotation of employees, which allows them to accumulate knowledge and improve their techniques based on technology and processes; obtain statistics on performance and topics covered; At the same time, evidence of mental health care can be incorporated.