Suffering from ‘cyber fatigue’? You’re not alone.
Cyber security can cause people to feel overwhelmed, out of their depth and powerless to manage the threats they face today. That's why 'cyber fatigue' is such a common problem.
Cisco addresses this problem in their sixth annual CISO Benchmark Study, which provides an insight into the challenges facing over 2,800 security professionals from 13 countries globally. Issues such as unpatched vulnerabilities, zero trust, and cloud security are covered in the report. But it is cyber fatigue that particularly interested us at teiss.
What is cyber fatigue? It is defined by the study as 'virtually giving up on proactively defending against malicious actors'. Obviously it can really have a harmful impact on organisations. And 42% of respondents were reported to be suffering from cyber security fatigue.
What causes cyber fatigue?
Almost all (96%) of those suffering from cyber fatigue complain that managing a multi-vendor environment can be extremely challenging. There seems to be a strong relationship between multi-vendor environments and growing fatigue. This complexity is the main cause of burnout.
Too many alerts are also proven to exacerbate cyber fatigue. Out of the people suffering from cyber fatigue, 93% of them receive more than 5,000 alerts every day. As alerts increase over the years, so does cyber fatigue.
A third cause of cyber fatigue, perhaps unsurprisingly, is suffering a major and extended cyber breach, with the number of hours of downtime influencing the extent of the fatigue.
How to cure cyber fatigue
How can cyber fatigue be lessened? Because the complexity of security resource management is one of the reasons for cyber security fatigue, outsourcing this management might help. Another strategy is to simplify supply chains.
Steve Martino, Senior Vice President and CISO at Cisco, says: “As organizations increasingly embrace digital transformation, CISOs are placing higher priority in adopting new security technologies to reduce exposure against malicious actors and threats. Often, many of these solutions don’t integrate, creating substantial complexity in managing their security environment. To address this issue, security professionals will continue steady movement towards vendor consolidation."
Another solution is automation, which could be the answer to coping with the volume of alerts. The study explains: 'Automation enables policies to be enforced more consistently, quickly, and efficiently. When a device is determined to be infected or vulnerable, it’s automatically quarantined or denied access with no action required from an administrator'.
And finally fatigue should be reduced as security improves. Increasing reliance on cloud security and automation to strengthen their security posture will reduce the risk of breaches and along with it the fatigue arising from them.
Ultimately, cyber fatigue is a very real and human response to a complex problem. Security leaders need to accept this, looking for ways to reduce stress and burnout if they wish to prevent cyber fatigue from contributing to major security breaches.source teiss
- CONTRACT SIEM Cyber Security Operations Engineer. REMOTE OUTSIDE IR35
- United Kingdom
REFCH8165 CONTRACT SIEM Cyber Security Operations Engineer. REMOTE UK SIEM Engineer. 6 month Contract. OUTSIDE IR35 Working towards a "SOC 2" environment. CLOUD (AWS) experience essential. Three key functions; Monitor, Escalate and Triage incidents. Vulnerability Management / threat intel. SIEM configuration / management, review, enhancement More specifically; Work with internal teams to identify assets. Identity applicable threat feeds and work with internal teams to remediate. Patch Patch Patch. (Help mature process / identify gaps) Configuration / fine tuning of SIEM alerts. Create dashboards, Compliance reporting. Log ingestion. Experience across ISO27001 / SOC2 / SIEM / End Point Security is essential Contact me today for more information Chris.Holt@dclsearch.com Or 07884666351
- Cyber Security Operations Engineer. REMOTE UK. SOC2
- United Kingdom
REF8164 Cyber Security Operations Engineer. REMOTE UK Internal opportunity. New position. Exclusive to DCL Search. You will be the hands on technical eyes and ears of the Cyber security capability actively working to ensure and enhance the adherence to ISO27001 and "SOC 2" controls. You role will touch on the following · Security Monitoring- SIEM · Vulnerability Management / Testing · Incident Management · Asset management · Disaster Recovery planning · Change Management AWS Cloud experience is essential as is the ability to ensure patch management is prioritised across the business. Any CLOUD SIEM experience highly desirable. Contact me today for more information Chris.Holt@dclsearch.com Or 07884666351
- Lead Security Architect
- United Kingdom
Engage with key clients in an Architectural / technical presales capacity. Including Stakeholders, end users / partners. Working on new and existing Security projects to confirm that proposed solutions are fit for purpose from both a technical and regulatory capacity. Working closely with multiple vendor . Managed security service background ideal CLOUD Security (AZURE OR AWS), IDAM background ideal.
- Threat Vulnerability Management Analyst
- United Kingdom
To monitor, identify and alert internal teams of cyber threats and vulnerabilities. MIRE Att&ck, CIS, OWASP, Vulnerability management tools MUST be able to commute to central London MUST be able to achieve UK SC Clearance. On going support and development.