[LINK] R U OK Day

Wed Sep 11 01:02:13 AEST 2024

CEO calls for authentic conversations on R U OK day as cybersecurity teams face burnout under pressure

By David M Williams 10 September 2024 https://itwire.com/it-people-news/cio-trends/tesserent-ceo-calls-for-authentic-conversations-on-r-u-ok-day-as-cybersecurity-teams-face-burnout-under-pressure.html

Thursday 12 September 2024 is R U OK day, and this year cybersecurity and cloud services provider Tesserent reminds us all to check in on our security teams after another year with relentless cybercriminals.

R U OK day is a national day of action highlighting the importance of meaningful conversations, held on the 2nd Thursday of September each year. 

It's the initiative of R U OK?, an Australian non-profit suicide prevention organisation. The key thrust of the organisation is, as you might guess, to check in with people around you and ask if they are ok.

Some take a cynical view that the day is unauthentic and tokenistic. Yet, the day's not for them. It's for the hidden people working and living amongst us who put on a brave face but are facing struggles and turmoils. We wouldn't even realise; they've become skilled at masking their pain. And even if your boss asking, "R U Ok?" before getting onto the days agenda may not be totally earnest, it's better to have a hundred of these than risk not having the sincere conversations.

And this year Kurt Hansen, the CEO from one of the largest cybersecurity companies in Australia, Tesserent, wants to encourage people to check in on the wellbeing of your company Chief Information Security Officer (CISO) and the cybersecurity team.

Cyber attacks are relentless; iTWire reports regularly of breach after breach. We report the ongoing research into cybersecurity showing ransomware is still profitable, and that even nation states are getting in on the act for their own political purposes.

Imagine owning a bricks-and-mortar store and finding at every moment, of every hour, of every day, of every week that criminals are right at your doors and windows testing every possible access point. The criminals are lined up behind each other in a never-ending queue.

This is the reality for cybersecurity defenders, except the walls are electronic not physical, and the bad guys aren't simply there in person but from far-flung corners of the world.

We've seen high-profile destructive data breaches in Australia in recent years. There are many we don't see because they are less prominent. However, there are loads more we don't see because they didn't happen. Make no mistake, the attackers tried, but were thwarted by an observant, prepared, and sharp-thinking cybersecurity team.

When the attackers only need to get it right once to breach your defences, but you have to get it right every single time to defend, it's no easy task.

The reality is that the cybersecurity experts in your business are facing stress, pressure, and burnout in a highly intensive role. This is not good for your organisation, and it's not good for Australia, if we can't attract and retain the people we need in the battle against cybercrime.

Leigh McMullen, Vice-President and security analyst at Gartner, expects nearly half of cyber security leaders will change jobs by the end of next year with about a quarter of those leaving for entirely different roles. This is at a time when AustCyber estimates the shortage of skilled information security workers will reach almost 20,000 over the next two years in Australia.

A recent global survey from Hack The Box found mental fatigue, stress, and burnout is running rampant, affecting 84% of workers within the cyber security field. 

A 2023 report by Splunk revealed that 79% of cyber security professionals experienced burnout in the past year.

It doesn't have to be this way. Tesserent CEO Kurt Hansen wants to encourage us all to check in on our frontline cybersecurity teams this R U OK day and ask what we can do to help - and, importantly, listen to the response.

“Cybersecurity is a shared responsibility that encompasses every individual in an organisation from the boardroom to the basement. It is not the sole responsibility of one CISO or a small team of cyber security experts. Organisations need to listen to the advice from their CISO about what they need to do to protect the organisation, its people and customers, not just on R U OK Day but all year round," Hansen said.

“Organisations also need to think more about how they can give incident response teams, much needed downtime. It is important to rotate the team to ensure that people don’t burn out if back-to-back incidents are occurring. While you need to maintain a constant 24x7 watch, it is a shared responsibility,” he says ..

--