Posted on February 2, 2022
The shift to work from home that was accelerated by the start of the COVID pandemic has resulted in a sharp increase in cyberattacks.
Companies of all sizes were simply unprepared for the sudden and massive switch to remote work. IT infrastructure setups that were fine for the 10% of users who occasionally worked from home or while travelling (when 90% of employees worked from the office), were suddenly exposed as vulnerable to all kinds of attacks when the balance switched, and 90% of users started working from home.
As a result, data exfiltration and leakage has increased most sharply. Phishing, ransomware, VPN breaches and other security events have all shot up as well.
There’s been plenty of coverage about breaches, vulnerabilities and ransomware attacks. There’s been much is less discussion about the impact of remote work and increased cyber risk on cybersecurity staffs. Burn out is increasing as Chief Information Security Officers (CISOs) and their teams close in on two years of heroic efforts to keep their companies safe and connected.
A recent survey from software company Tessian indicates just how bad the problem has become.
CISOs put in, on average, 11 hours per week beyond the “standard” workweek. One in ten puts in 20 to 24 additional hours per week, every week.
The demands of the job leave many CISOs struggling to shut off and get down time – 59% say they have a hard time switching off from work at the end of the day.
Work demands are having a major negative impact on CISO’s personal lives: 40% have missed a family vacation because of work, 42% have missed a federal holiday, such as Thanksgiving or Christmas, and 44% have missed doctor’s appointments because of work. Nearly a fourth haven’t taken a vacation or personal time off in the last year.
CISO’s know how important cybersecurity is to their companies, so they will do whatever it takes to protect the business. However, as Tessian CISO Josh Yavor puts it,
Security is hooked on heroics. We love the story of pulling all-nighters and heroes saving the day. But to avoid burnout, there needs to be a shift. Recognize that heroics are a failure condition.
The problem is so extreme that some CISOs are opting for early retirement or shifting to less demanding consulting roles. This is very bad news, given the shortage of trained cybersecurity staff and ever increasing and more damaging cyberattacks.
Cybersecurity staff burnout is often most severe at organization that are still trying to fight today’s cybersecurity battles with yesterday’s tools.
Despite concerted efforts for user training, users are still clicking on suspicious links and installing malware on their devices or on company servers.
Perimeter-based intrusion detection often generates an avalanche of false positives.
Manually configuring access controls for new employees or employees who have changed jobs is time consuming and often neglected, most dangerously in the case of users who have left or been fired.
Enforcing cybersecurity in such an environment is like trying to keep a 30-year-old car running. Maintaining it requires a lot of time, effort and money — and it will still not be as reliable as something newer.
Since yesterday’s tools are not nearly as successful at stopping attacks as state-of-the-art methods, in addition to increasing the workload for cybersecurity staff, using them also exposes organizations to major losses.
A Secure Access Service Edge (SASE) solution, such as Ericom Software’s ZTEdge platform, provides up-to-date Zero Trust-based cybersecurity that is cloud-native and designed for today’s hybrid work environments.
The ZTEdge Secure Web Gateway leverages Remote Browser Isolation to protect organizations from users who click on the wrong email, download the wrong email-delivered file, or simply visit the wrong site.
It also includes Zero Trust Network Access (ZTNA), a way more secure alternative to vulnerable VPNs, to enable remote access to private apps and networks. An Automated Policy Builder keeps policy creation and updating on track, ensuring that Least Privilege Access is truly “least”.
Learn more about how Ericom Software’s ZTEdge platform can protect your company from ransomware, phishing and other cyberthreats while reducing the burden on cybersecurity staffs. Isn’t it time that your CISO had a well-deserved vacation?
Recent cyberattacks combined stolen credentials, social engineering, MFA resets and SSO manipulation in what’s been described as the Ocean’s 11 of the cyber age.
The FBI-led takedown of Qakbot was an operation that involved seven countries. Malware was removed from 700,000 computers. But don’t think all that makes you safe.
Generative AI empowers its users to work fast, better and more efficiently. Alas, this includes cybercriminals, who are using malicious GenAI platforms to accelerate zero-day exploit creation.