Cybersecurity threats are all around us, but one of the most overlooked may be on your team. Or rather, may not be on your team. And that is a problem. Cybersecurity talent shortages are widespread which is leading to a significant rise in cybersecurity risks, burnout being one of them.
The good news is that the pace of hiring cybersecurity professionals improved within the past couple of years with 250,000 cybersecurity professionals added to payrolls from 2020 to 2021. On the flip side, that demand has increased by 30 percent, so hiring has not kept pace. This leaves a shortage of at least 400,000 cybersecurity specialists in the U.S., alone.
Having such a shortage can create real risks and many MSPs aren’t prepared to deal with them. “The number one issue? Burnout,” says John Spence, a cybersecurity specialist in Montreal.
So many cybersecurity specialists are holding down work that would ideally be split between two, three, or even four engineers. “That leaves a real risk. It’s like teacher-pupil ratios, one teacher in charge of 12 students is much different than a one-to-30 ratio. The teacher in charge of 12 students can catch a lot more and the same goes for cybersecurity.”
An illustrative example of this, as relayed by Spence involves a single engineer at an MSP that was doing the work typically done by five engineers. “He was running himself ragged, and one of his clients was breached. A simple patching program could have prevented it, that is something that typically would have been caught, but this guy was simply overworked,” Spence explains.
ZDNET describes the problem in stark detail: According to Tessian research, security leaders work 11 hours extra per week, with 1 in 10 leaders working up to 24 hours extra a week. Much of this time is spent investigating and remediating threats caused by employee mistakes, and even when they’ve logged off, some 60 percent of CISOs are struggling to switch off from work because of stress.
Here are some obvious and not-so-obvious tips to keep your workforce rested and de-stressed:
This is a popular time of year for people to ask for time off. It’s understandable. Kids are out of school; parents want to spend some time with their children or enjoy the summer weather. But if everyone is taking their vacations during the prime summer months, that can stretch staff thin and lead to more risk and burn-out. Try to stagger breaks and encourage staff to take time off during the autumn or winter seasons instead.
Incentives, Spence said, have long been used in the IT field. Rewards can include gift cards, pay perks, vacation time, and the like, but Spence says those rewards can have unintended consequences. “If you are already dealing with burn-out, if you dangle a $500 gift card out there, you may increase burn-out instead of incentives, build in rewards as a matter of course.
Signs of burn-out
Rarely does a top tier engineer simply resign without warning. There are usually signs, and a talented human resources team can generally connect the dots. For smaller MSPs that don’t have a human resources department, you can still watch for early warning signs of burn-out: absenteeism, late arrivals to jobs, mistakes by someone who typically wouldn’t make them. Once you establish a pattern, management should talk to the employee to see if anything can be done to avoid a grave mistake or a resignation letter.
Nothing – so far – can replace human intelligence in the battle against hackers. Still, as the staffing levels remain mired underwater in cybersecurity, everything that can be automated should be automated. This includes using chatbots to help prioritize workflows, automated payroll, automated help desk, and so on. In addition to office flow automation, MSPs should be invested in top-flight software and AI-powered programs to help reduce the workload on limited staff. Anywhere you can find to automate to facilitate work on overworked employees should be explored.
Look for “diamonds in the rough.” A potential employee might not have the ideal resume for IT, but they may have other characteristics that could be nurtured. “I once knew an IT company that was desperate for help, and they found it – in a florist. The florist was looking to change careers, and while she had zero IT experience, she made up for it with tons of drive and desire to learn, and three years later, she is climbing the ladder at an MSP,” Spence said. So, watch for non-traditional candidates and embrace them.
Photo: kelifamily / Shutterstock