Cybersecurity threats are all around us, but one of the most overlooked may be on your team. Or rather, may not be on your team. And that is a problem. Cybersecurity talent shortages are widespread which is leading to a significant rise in cybersecurity risks, burnout being one of them.
The good news is that the pace of hiring cybersecurity professionals improved within the past couple of years with 250,000 cybersecurity professionals added to payrolls from 2020 to 2021. On the flip side, that demand has increased by 30 percent, so hiring has not kept pace. This leaves a shortage of at least 400,000 cybersecurity specialists in the U.S., alone.
Having such a shortage can create real risks and many MSPs aren’t prepared to deal with them. “The number one issue? Burnout,” says John Spence, a cybersecurity specialist in Montreal.
An illustrative example of this, as relayed by Spence involves a single engineer at an MSP that was doing the work typically done by five engineers. “He was running himself ragged, and one of his clients was breached. A simple patching program could have prevented it, that is something that typically would have been caught, but this guy was simply overworked,” Spence explains.
ZDNET describes the problem in stark detail: According to Tessian research, security leaders work 11 hours extra per week, with 1 in 10 leaders working up to 24 hours extra a week. Much of this time is spent investigating and remediating threats caused by employee mistakes, and even when they’ve logged off, some 60 percent of CISOs are struggling to switch off from work because of stress.
Here are some obvious and not-so-obvious tips to keep your workforce rested and de-stressed:
Summer breaks
This is a popular time of year for people to ask for time off. It’s understandable. Kids are out of school; parents want to spend some time with their children or enjoy the summer weather. But if everyone is taking their vacations during the prime summer months, that can stretch staff thin and lead to more risk and burn-out. Try to stagger breaks and encourage staff to take time off during the autumn or winter seasons instead.
Incentives
Incentives, Spence said, have long been used in the IT field. Rewards can include gift cards, pay perks, vacation time, and the like, but Spence says those rewards can have unintended consequences. “If you are already dealing with burn-out, if you dangle a $500 gift card out there, you may increase burn-out instead of incentives, build in rewards as a matter of course.
Signs of burn-out
Rarely does a top tier engineer simply resign without warning. There are usually signs, and a talented human resources team can generally connect the dots. For smaller MSPs that don’t have a human resources department, you can still watch for early warning signs of burn-out: absenteeism, late arrivals to jobs, mistakes by someone who typically wouldn’t make them. Once you establish a pattern, management should talk to the employee to see if anything can be done to avoid a grave mistake or a resignation letter.
Automation
Nothing – so far – can replace human intelligence in the battle against hackers. Still, as the staffing levels remain mired underwater in cybersecurity, everything that can be automated should be automated. This includes using chatbots to help prioritize workflows, automated payroll, automated help desk, and so on. In addition to office flow automation, MSPs should be invested in top-flight software and AI-powered programs to help reduce the workload on limited staff. Anywhere you can find to automate to facilitate work on overworked employees should be explored.
Training
Look for “diamonds in the rough.” A potential employee might not have the ideal resume for IT, but they may have other characteristics that could be nurtured. “I once knew an IT company that was desperate for help, and they found it – in a florist. The florist was looking to change careers, and while she had zero IT experience, she made up for it with tons of drive and desire to learn, and three years later, she is climbing the ladder at an MSP,” Spence said. So, watch for non-traditional candidates and embrace them.
Photo: kelifamily / Shutterstock
need to recognize the work load and pay and retain talent with the right wages and incentives. the old saying “can’t have IT as a budget line item” and keep up with the times.
A great observation and important topic brought to light by this post! While not all security tasks can be alleviated by technology, increased use of automation and AI-enable tools can be beneficial to reduce some of the stress in cybersecurity roles. These may likely be an additional investment, but will cost far less than lost productivity from burnout and turnover in top talent.
Good reminder for employers to pay attention to employees workloads.
Two things that I have seen people leave jobs for the most are better pay and remote work.
Forcing employees to return to the office who do not want to is only going to hurt, and with such a high demand for qualified cybersecurity professionals if we do not pay our top performers what they want, someone else will.
Good list of items to watch out for. No one wants to see someone being burned out.
Completely agree, gotta keep an eye out for signs and address asap.