iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
When asked to nominate the biggest source of stress for their organisation’s IT security team, most senior managers would point to cyber threats.
Teams are tasked with keeping intruders out of core infrastructure and digital assets safe. Because the threat landscape is constantly changing, this is a constantly challenging role.
However, cyber threats are not the only source of stress for security teams as they don’t operate in a vacuum. Teams also must contend with factors such as changes in the economic environment, budgetary constraints, and both management and customer demands.
Pressure from customers
Customer demands can create significant pressure when security teams are required to provide evidence that protective measures are maintained at a required level.
In a recent survey conducted by LogRhythm, 91 per cent of security professionals and executives reported that they had been asked by customers for proof of security requirements. Interestingly, 67 per cent admitted their firm had actually lost a deal due to a lack of prospective customer confidence in its security strategy.
Some of this pressure from customers can be attributed to recent supply-chain cyber attacks where organisations became victims due to weaknesses in the security measures within external parties. This has led to an increased focus on what security is actually in place within prospective suppliers and partners.
Pressure from changes in work patterns
Security teams are also facing ongoing pressure as a result of the significant changes that occurred as a result of the COVID-19 pandemic. Many staff are continuing to work remotely, either part- or full-time, which means they are no longer being protected from threats by a corporate firewall.
Security teams must constantly monitor users and devices to ensure they are not posing any threat to centralised IT resources. Just one compromised device could cause significant disruption or loss for an organisation.
Care must also be taken with cloud-based resources. Security teams need to constantly monitor who is accessing these resources and whether they have the authority to do so.
Pressure from fellow staff members
Another source of potential pressure for the teams comes from their work colleagues. Often some try to circumvent the IT department and either install their own software on devices or make use of non-approved cloud-based services.
Examples can include using a service such as Dropbox or Google Drive to store and share sensitive data. Doing this means existing security measures may no longer be sufficient to prevent an attack or data loss, putting the organisation at risk.
Pressure can also be caused by fellow members of the security team who opt to leave. According to the survey, 77 per cent of executives believe that turnover of team employees reduces the effectiveness of the team and increases stress levels.
Pressure from security tools
The survey revealed another type of stress for security teams stems from the array of tools that have been deployed within their organisation. Of those surveyed, 74 per cent confirmed they had overlapping security tools or multiple products that solve the same problem.
This creates additional work for team members as they have to maintain tools that are not necessarily delivering any better security defences. It also consumes time that could be spent on more value-adding tasks.
Reducing pressure on the security team
Once they had nominated the top sources of pressure and stress for their IT security team, survey respondents were asked what measures would help to improve the situation.
Topping the list of desired measures were increased security budgets and more experienced team members, each nominated by 42 per cent of respondents. These were followed by better cooperation from other IT teams and more integrated security solutions (39 per cent).
Security teams continue to face challenges on multiple fronts, and steps need to be taken to lower the levels of pressure and stress being experienced. Senior executives should focus on providing appropriate resources, staff training, and staff retention.
Reducing and managing pressures will result in more effective teams that are better able to defend against cyber threats. With threat levels showing no sign of declining, this should be a priority for every organisation.
Michael Bovalino is the ANZ country manager at LogRhythm.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
