News & Views
Human skill and cyber resilience – Infosec poll
More than 40% of respondents in the latest Twitter poll run by Infosecurity Europe (www.infosecurityeurope.com), Europe’s number one information security event (2-4 June 2020 at Olympia, London), singled out human skill and expertise as the most important element of a successful cyber resilience approach. The aim of the poll was to explore the importance of resilience in cybersecurity, that is, the ability of an organization and its cybersecurity professionals to prepare, respond, and recover when cyberattacks happen.
The findings cast a spotlight on the growing pressures faced by information security workers and the need for more to be done to protect their mental health. With the number of cyber-attacks faced by organizations growing on a daily basis, and a projection that 146 billion records will have been exposed in the five-year period from 2018 to 2023, the pressure cybersecurity professionals are under has never been greater. Couple this with the threat of regulatory fines, reputational damage and the growing skills shortage (there are nearly 3 million unfilled cybersecurity positions at companies worldwide), and it’s clear that protecting individuals and enhancing their resilience should be a key priority for organizations.
The poll examined the repercussions of the pressures faced by workers, asking information security workers the question “Have you ever made significant mistakes as a result of being overstretched or stressed at work?” Over half said yes: 26.8% answered “yes, significant errors”, while a further 31.9% said “yes, minor mistakes” had been made. A quarter (25%) said no and 16.2% didn’t know. Unsurprisingly, a recent report (www.businesswire.com/news/home/20190729005244/en/Ponemon-Institute-Devo-Technology-Study-Reveals-65) found that 65% of IT and security professionals considered quitting due to burnout.
Paul McKay, Senior Analyst at Forrester Research and a speaker at this year’s Infosecurity Europe, agrees: “Undoubtedly human skill and expertise is the most important element of a cyber resilience approach. You can have all of the technology and best practice approaches deployed in the world, but ultimately successful cybersecurity relies on the skills, ingenuity and cognitive ability of the human brain. Many of my clients have gaps in their security team caused by difficulties in finding enough people to fill open roles on their teams. This impacts them critically both in progressing their security program, but more importantly, the mental, physical health and wellbeing of everyone else who are often doing heroic work making up for gaps in their teams. I don’t think I’ve ever seen security professionals under this much pressure.”
“The average life-span for CISOs is quite frightening,” says Becky Pinkard, Chief Information Security Officer with Aldermore. “One of the last stats I’ve read it’s just 18-24 months. When you start to look at that and relate that back, literally anyone in cyber security will be able to tell you a time when they have made a mistake, whether that’s because they didn’t know what they were doing, were stressed out, or they felt under pressure from project management or timeline pressure, and we are constantly faced with the same constraints so it will always be an issue we need to recognize and deal with.”
Employee mental health and well-being should be an essential consideration for all employers and none more so than those working in information security. Cyber resilience will form a core theme for Infosecurity Europe.
“We, as Infosec professionals and leaders, need to be resilient ourselves – developing new skills and on a personal level, being resilient to the stress and pressure facing people in our industry,” says Nicole Mills, Senior Exhibition Director at Infosecurity Group.
“Our poll clearly highlights that human skill and expertise is the most important aspect in building a strong cyber resilience strategy and this is why organizations need to focus on providing a safe and supportive environment to protect their most important asset. Building the expertise of those involved at the sharp end of cyber-attacks and taking measures to provide them mental health support will not only help to strengthen resilience, but it will attract and reassure those wanting to enter the industry.”
Infosecurity Europe 2020 runs from 2-4 June 2020 at Olympia, London, and is now open for free registration at www.infosecurityeurope.com.