Ransomware Is Driving Cyber Security Professionals To Consider Quitting

Uploaded on 2022-07-19 in JOBS-Careers, FREE TO VIEW

Persistent ransomware threats and looming, large-scale attacks are pushing some security professionals towards leaving their chosen career. Cyber security has become a hot button issue for businesses around the world, particularly ransomware. The cyber threat has become common threat for every type of business.

Now, a report by cyber security company Deep Instinct has found that 46% of senior and executive-level cybersecurity professionals have considered quitting the industry due to stress. 

Ransomware is a type of malware that prevents you from accessing your computer, or the data that is stored on it. The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Typically, victims asked to contact the attacker via an anonymous email address or follow instructions on an anonymous web page, to make payment. The payment is usually demanded in a crypto currency, most often Bitcoin, in order to unlock your computer, or access your data. 

The cyber security industry is stretched thin. Ransomware attacks are now so prolific that some companies simply cannot help every newly hacked victim get back online and the chronic shortage of skilled workers means no immediate prospect of relief.

According to Deep Instinct, “More than 90% of cyber security professionals are stressed in their role   Nearly half of the respondents (46%) have thought about quitting the industry and stress levels are increasing across all sectors,” says the Report.  

Deep Instinct's Report is based on the responses of 1,000 senior cybersecurity professionals from companies in the US, UK, Germany and France. All interviewees worked for businesses with 1,000 employees or more, and for businesses with annual revenues of at least US $500m across financial services, retail and eCommerce, healthcare, manufacturing, public sector, critical infrastructure, and technology. 

The more senior the cyber security role, the more stressful the job   A significant proportion of professionals concede that stress is negatively   impacting their ability to do their job.   

“There appears to be a widespread adoption of completely counter-productive   measures, such as switching off alerts because cyber security teams find them to be overwhelming   Paying off the ransomware criminals is in the aftermath of an attack results in  trouble-free consequences in just 16% of cases... We’ve identified that more cyber security professionals than ever are seriously considering leaving the industry permanently because of these pressures, with potentially catastrophic consequences for the organisations that rely on their vigilance." says the Report.

This is being driven by an "unrelenting threat from ransomware", as well as supply chain attacks on a scale similar to the 2020 SolarWinds attack and the 2021 Kaseya ransomware attack and both have had severe consequences for organisations attacked, Deep Instinct found.

 The burden of preventing such attacks weighs heavily on those tasked with keeping networks and wider organisational systems secure

More than 90% of cyber security professionals are stressed in their roles, with a "significant proportion" of professionals conceding that this is negatively impacting their ability to do their jobs. Those in leadership positions are likely to be feeling pressures of the industry more acutely, the report found: one in three C-Suite executives, including CISOs, CTOs, ITOs and IT strategy directors, said they were 'highly stressed'. 

Cyber security problems have been exacerbated by the move to remote working, which has made network security more challenging for organisations. "Senior cybersecurity executives acknowledge that their stress levels are impacting decision-making and can have implications for the security posture of companies," the report added. 
"The stress we're seeing across the cyber industry appears to be accelerating the exodus of talented people from the industry: a particular challenge when many cybersecurity defences and mitigation processes are human-dependent, requiring constant monitoring and intervention."

"Without a singular focus on one type of attack, resources are stretched thin and its obvious to see how a SecOps team may feel deflated against the challenges they face." While organisations are typically advised not to pay hackers in exchange for encrypted data, cyber security professionals are doing so in order to avoid downtime and the associated reputational damage should the attack become public.

More than a third (38%) of survey respondents admitted to both experiencing a ransomware attack and paying the ransom in exchange for the decryption key, compared to 62% that didn't pay. A big problem is that paying hackers off does not guarantee the safe return of company data:

  • 46% of those who paid said records or sensitive information was exposed regardless.
  • 45% were unable to restore all their data
  • 23% of respondents were hit by a subsequent extortion demand after paying the ransom.

Working in cyber security is a hard job, exacerbated by the long, stressful hours that cyber security incident responders have to spend putting out the fires that ransomware cause to ignite 

Worse, the cyber security field is very short-staffed with  74% of organisations reporting that a lack of cyber security skills has had an effect their organisation, while only 9% of millennials have reportedly expressed interested in the industry.

Deep Instinct:       NCSC:     CheckPoint:       Proofpoint:       NBC:       ZDNet:    Tech.co

You Might Also Read: 

Overcoming The Obstacles Caused By The Great Resignation:
 

« What To Look For In A Cyber Essentials Assessment Partner
Iranian Hackers Try Intercepting Israeli & US Government Emails »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MixMode

MixMode

MixMode's PacketSled platform delivers network monitoring, deep forensic analysis and incident response.

Cybernetica

Cybernetica

Cybernetica is an ICT company with activities in e-government, marine comms, data analysis and research in information security technologies.

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

SySS

SySS

SySS is a market leader in penetration testing in Germany and Europe.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

North European Cybersecurity Cluster (NECC)

North European Cybersecurity Cluster (NECC)

NECC promotes information security and cybersecurity-related cooperation and collaboration in the Northern European region in order to enhance integration into the European Digital Single Market.

Evanston Technology Partners (ETP)

Evanston Technology Partners (ETP)

ETP provides services and solutions to enable and transform businesses in the areas of cybersecurity, data protection, and efficient operations practices.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

SafeCipher

SafeCipher

SafeCypher are crypto specialists with a very specialized knowledge of Public Key Infrastructure (PKI), Hardware Security Modules (HSM), Quantum Resistant Cryptography and Crypto-Agility.

CIBR Warriors

CIBR Warriors

CIBR Warriors are a leading cyber security and networking staffing company that provides workforce solutions with businesses nationwide in the USA.

US Coast Guard Cyber Command

US Coast Guard Cyber Command

US Coast Guard Cyber Command’s focus is to ensure the security of our cyberspace, maintain superiority over our adversaries,and safeguard our Nation’s critical maritime infrastructure.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

Green Enterprise Solutions

Green Enterprise Solutions

Green Enterprise Solutions are a Namibian company providing Information and Communication Technology (ICT) services to corporate Namibia.

Pistachio

Pistachio

Pistachio is the new evolution of cybersecurity awareness training and attack simulations.

Nerds On Site

Nerds On Site

Nerds On Site provide on-site & in-home IT and technical support, managed IT services, and cyber security through our collaborative team of highly-trained IT and Security professionals.