Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

How to Reduce the Top Five Security Stressors

April is Stress Awareness Month. With the pace of constantly-evolving threats, budget battles and security apathy from users, it isn’t a stretch to imagine that stress is a part of the job in IT security.

April is Stress Awareness Month. With the pace of constantly-evolving threats, budget battles and security apathy from users, it isn’t a stretch to imagine that stress is a part of the job in IT security.

So, it’s surprising to see a survey that says “Security Analyst” is the #1 least stressful job across all industries. It will be interesting to hear from you as a reader in the comments section below if you take exception to that survey result, or if you think it’s accurate. 

Stress in general is your body’s way of responding to danger, whether real or perceived. The situations and pressures that cause stress are known as stressors. We usually think of stressors as being negative, however, anything that puts high demands on you can be stressful. This includes positive events such as getting married, buying a house, going to college or receiving a promotion.

From an IT security perspective, security stressors are typically related to feelings of lack of control. Let’s identify five triggers that can drive up stress levels and consider how security pros can reduce them.

Keeping Current with Threats

How to Reduce the Top Five Security StressorsThere were over 6000 new common vulnerabilities and exposures (CVEs) published in 2016. While not all are present in your environment, that is still a big number to keep up with and compare against hundreds or thousands of servers, apps, devices, and so on.

This is an example of a stressor related to lack of control, but in this case, it’s best to get by with a little help from your friends. Loneliness or isolation increases stress levels vs. having a strong support network. Use your network by building a feedback loop that includes IT operations, system, application and network administrators, and information sharing with peers through cyber threat intelligence (CTI).

User Behavior

IT security would be a lot less stressful if users were not part of the equation. They are the weakest link in security, constantly finding ways around company controls, falling victim to phishing attacks and exposing credentials.

Every attempt at controlling users has to be balanced with the need for business to be conducted with less friction. Education can go a long way towards raising the security awareness of users and reducing the vulnerability they represent towards the organization. To reduce the stressor of users gone wild, create education goals and measure them to instill a sense of accomplishment for both the employee and security team.

Budget Justification

How to justify a security project is outside the scope of this article, but those tasked with securing their organizations do feel the pressure of falling behind attackers and the standard of due care. That pressure drives a need for budget resources that correlate with the evolving threat landscape, but it isn’t always easy to justify to those outside of day-to-day security operations.

Budget approval may be out of your hands so self-awareness of stress-triggers and emotions when a budget decision does not swing in your favor can help to keep your attitude and outlook positive. In these cases, focusing on your organization’s current investments and identifying opportunities to improve current programs, such as employee awareness, can help re-instill that crucial sense of control.

The Task Backlog

There are always new policies to write in response to changing technologies, threats and regulations. User demands and project changes add to the pile of assignments. And a lack of skilled personnel to tackle these tasks plagues many organizations.

Getting away from the grind seems difficult to do and may feel counterproductive when you have a long to do list. Over half of American workers aren’t taking their vacation days, in some cases because they fret about returning to a mountain of work. And 61 percent of them reported working while on vacation. It may take some planning, but getting away can help you become more productive

Unpredictability of Incidents

Nothing contributes to stress quite like a security incident. Incidents derail planned work, result in immediate pressure to find, contain and recover from the breach, and bring unwelcome attention from people who don’t always understand what’s happening.

One way to mitigate that stress is to frequently evaluate your plans and procedures for dealing with unexpected incidents. All organizations in today’s threat environment should operate with the assumption they will be, or already have been, hacked. Knowing that you have plans in place to reduce the exposure when an incident is detected can restore some sense of control. 

Implementing policies and controls are a big part of IT security, so feeling out of control can have a big impact on stress levels. Rely on your network, gain a sense of accomplishment, stay aware of your emotions, take some time off and build good pl
ans to reduce the common stressors in IT security.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

CISO Conversations

In this edition of CISO Conversations, SecurityWeek speaks to two city CISOs, from the City of Tampa, and from Tallahassee.