Globally, organizations are witnessing a significant exodus of employees in what has become known as the Great Resignation. A recent study found that more than half of security professionals are considering leaving their jobs, so it is clear that the cybersecurity industry is not immune to this problem.
Given that 51% of cybersecurity professionals experience stress and burnout as a result of increased workload during the pandemic, it is no wonder that many people are thinking of leaving the industry altogether. And, of course, other people choose to quit their cybersecurity jobs for better opportunities elsewhere.
In any case, the growing number of resignations in an industry historically suffering from significant skills gaps is worrying and puts organizations at higher risk of serious security breaches. Urgent action is therefore needed to get to the bottom of these resignations and to increase the retention of staff in the cybersecurity sector.
The Great Resignation has affected businesses in all industries, but experts say cybersecurity is one of the most affected sectors. Kieron Holliom, vice president for the United Kingdom and Ireland, the Middle East and Africa at BlackBerry, described the lack of skills in the cybersecurity industry as “on the verge of critical”.
“One of the consequences of the Great Resignation and the chronic shortage of cybersecurity talents is the spread of blind spots in security decisions, behind which there are gaping vulnerabilities,” he said. “These vulnerabilities are being used by cybercriminals to plant vectors of attack that can lie dormant for years before choosing the right time to strike and cripple businesses.”
Ilona Simpson, CIO for Europe, the Middle East and Africa (EMEA) at Netskope, agrees that the high percentage of employees leaving security positions can have severe consequences for organizations. She warns that this could lead to poor mental health and low productivity in cybersecurity departments.
She told Computer Weekly: “With a general shortage of skills in the market, all gaps in teams that maintain critical infrastructure will be felt sharply and can often take months to fill. Unmanned teams tend to be overwhelmed, which can have a negative impact on both mental health and team performance.”
Insufficiently staffed security teams also make it difficult for businesses to implement protections to prevent hacks, data leaks and other serious cyber threats. “In addition, skills shortages across the business can lead to delays in changing programs or initiatives designed to improve overall operational security, leaving businesses open to threats for longer,” she added.
“While it is possible for companies to outsource change management projects, cost can be an excessive factor for many. Finally, with the majority of the workforce leaving the business, the chance of data leakage – whether intentional or accidental – increases significantly.”
Maintain security with fewer defenders
As cybersecurity teams experience a brain drain and growing cybercrime, organizations would be wise to take steps to improve retention in their cybersecurity teams and explore alternative solutions to strengthen their online protection. To begin with, Simpson believes that companies must “carefully and thoroughly” manage the process of leaving before employees leave their roles.
“This is a key opportunity to earn alumni, as opposed to just a former employee, and maintaining a reputation reduces the risk of corporate data being removed due to dissatisfaction. It also allows the current team to better understand what gaps they need to make,” she said.
Companies affected by a lack of cybersecurity talent need to reorganize current resources to manage “high priority issues” and fill any security gaps, according to Simpson. They can also adopt technologies such as artificial intelligence (AI) and provide company-wide security awareness training to fill the gap left by skills shortages.
“In the medium and long term, businesses need to explore ways to blunt the impact of resignations,” she said. “This may include automation; review the processes and technology stack to determine if AI/ML [machine learning] can improve the current line of defense; or simply introducing broader educational programs throughout the organization to raise awareness of security risks.”
Business leaders have a responsibility to deal with the growing number of resignations in the cybersecurity industry. Simpson says employers need to understand the basic goals and principles of leadership, ensuring that they not only assign tasks, but also provide employees with the tools and support they need to succeed in the workplace.
“Good leadership focuses on cultivating a good culture. The brand, the role and the salary of the employer may be what attracts people to join an organization, but it is the culture that makes them stay. Teams need to be made to feel comfortable, both physically and intellectually. Leaders need to build a supportive culture that rewards employees for engaging in business,” she said.
“It’s certainly not easy in the hybrid working world (and no one said it would be), but it’s not impossible. I have always found the best talent in the field of security to be people who have an intellectual curiosity and a penchant for solving problems in the team. So one simple step in these cases is to help them get rid of the administrative work and leave them to focus on solving problems.”
The round-the-clock nature of mitigating cyber attacks and vulnerabilities can create an intense workplace for many cybersecurity professionals, and that intensity has increased dramatically during the pandemic. Jake Moore, a security specialist at ESET, fears this is one of the main contributors to the Great Resignation in the cybersecurity industry.
“The infosec industry can often overwhelm those who keep their teeth spinning and make sure the wheels don’t fall, but combined with a lack of recognition or poor development opportunities, it can soon worsen for those who feel burns,” he told Computer Weekly.
“This information industry may look very rosy on the outside with an inviting corporate culture that is often spread on social media, but many jobs are tiring for long hours constantly trying to keep constant threats at bay.”
Moore believes that the key to retaining cybersecurity professionals is to listen to their views, provide opportunities for development and create a flexible workplace. “Many older managers want their workforce, especially technical ones, to return to the office more than their staff can ask for, which can repel people. We can no longer prove that employees can be trusted, so due respect must follow.”
“Leaving the industry takes much longer to replenish lost talent, making it harder for the next generation. The mass exodus of staff could have severe consequences, which I saw first hand when more police officers left than were hired. That could have an equally big impact on cybersecurity,” he added.
Follow the key steps
Skills gaps and mass resignations in the cybersecurity industry could stifle innovation, growth and security in business, according to CybSafe CEO Oz Alashe. But he is convinced that companies can take several effective steps in response to the effects of the Great Resignation.
First, he advises businesses to manage job expectations. “Many job advertisements place unrealistic expectations, looking for a ready candidate for each role. Recruitment does not meet these heights,” he said.
“Not every role in the security industry requires technical experience from the start. An engineer does not need to be a cybersecurity specialist to create a great security product. The talent is there. Give people support to thrive.”
While resignations can lead to a brain drain within organizations, organizations can address this problem by upskilling existing staff in key areas such as IT security and giving them opportunities to fill vacant cybersecurity roles.
Alashe says: “Every organization has talented people who want to learn more and improve their skills. Find the gems you already have and give them the support and training they need to succeed. You will find that it relieves the pressure on recruiting and stimulates and engages the best people to stay.”
Employers need to build trust with their cybersecurity professionals, allowing them to work in a way that best suits their needs. “Offering truly flexible work styles is the path to success. Too many organizations confuse hybrid work with the freedom and flexibility to choose work styles and arrangements. It’s not,” says Alashe.
“Employees want to be trusted to work in the best way for them. If an organization believes that it cannot do this, then it must assess whether it has the appropriate infrastructure and recruitment strategy. Provide real flexibility and the best employees will be rewarded for that trust.”
Some of the leading cybersecurity organizations adopt simple best practices to keep their employees happy and ultimately retain them. 1Password, for example, promotes open communication in its teams through special Slack channels. It also provides mental health days and benefits for employees, such as meditation sessions through the Headspace app and training on topics such as responding to change.
Jeff Shiner, CEO of 1Password, said: “In fact, the complete elimination of burns is not realistic. As the pandemic continues and threats escalate, this will remain a problem that both companies and employees will have to deal with. Fortunately, there are solutions to help burn down, and companies need to consider making them at the heart of their cyber skills training initiatives.”
IT security professionals play a vital role in today’s organizations, ensuring that they are equipped to detect and respond to devastating cyber threats. So to see this industry affected by the Great Resignation is very worrying. What is clear is that businesses need to do more to encourage their cybersecurity employees to stay in their roles, whether it is about creating a more open workplace or improving the mental health of staff.