We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

  • Nico Ortega
  • Intelligent Machines

    Cybersecurity’s insidious new threat: workforce stress

    This week’s Black Hat event will highlight job-related stress and mental health issues in the cyber workforce.

    The thousands of cybersecurity professionals gathering at Black Hat, a massive conference held in the blistering heat of Las Vegas every summer, are encountering a different type of session this year. A new “community” track is offering talks on a range of workplace issues facing defenders battling to protect the world from a hacking onslaught.

    With titles like “Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community” and “Holding on for Tonight: Addiction in Infosec,” several of the sessions will address pressures on security teams and the negative impact these can have on workers’ wellbeing.

    “A lot of people in this space feel strongly about wanting to protect their users,” says Jamie Tomasello of Duo Security, who is one of the speakers. “Where this becomes challenging is when people are under sustained high stress. That increases the risk of depression and mental illness.”

    The impact on cyber defenders’ lives is deeply concerning, as are the broader implications for security. In spite of a push for greater automation, many tasks in cyber defense are still labor intensive. Workers experiencing mental health issues are more likely to make mistakes and to have performance issues that require colleagues to pick up the slack, increasing the likelihood they will make errors too.

    High pressure, high stakes

    This matters more than ever as the stakes have risen dramatically in the cybersecurity world. Hackers aren’t just swiping credit card details and digital health records; they’re attacking systems governing power grids, manufacturing facilities, and other sensitive infrastructure.

    For sure, workplace stress isn’t unique to cybersecurity. There are plenty of other workers, including first responders, soldiers, and surgeons, who face intense pressure in their jobs. Other IT roles, such as ones involved with keeping key networks and databases up and running, can also be stressful.

    But industry insiders say several factors have combined to create a particular problem in cybersecurity. One is the fact that IT systems of all kinds are now pretty much constantly under attack, which means there’s no obvious finish line to the work. “There’s never a downtime. It’s non-stop and every day is a battle,” says Andrea Little Limbago, an executive at cybersecurity firm Endgame who has written about the subject of stress in the cyber workplace.

    The speed at which bad guys are innovating also creates unique pressures. “The challenges to keep up are insane,” says Jack Daniel, the co-founder of BSides, another security conference that has highlighted mental health issues.

    Sign up for Clocking In
    A look into how technology is shaping the workplace of the future

    By signing up you agree to receive email newsletters and notifications from MIT Technology Review. You can change your preferences at any time. View our Privacy Policy for more detail.

    Labor shortage

    To make matters worse, the industry is facing a shortage of skilled workers. According to one estimate, some 300,000 cybersecurity positions in the US alone remain vacant. That means additional work—and pressure—for those covering unfilled roles.

    A global survey of 343 cybersecurity executives published in November 2017 by the Enterprise Strategy Group and the Information Systems Security Association found that almost 40 percent of them said that the skills shortage was causing high rates of burnout and staff turnover. “There really is an urgent need for more serious research on this,” says Daniel.

    Just getting a baseline from which to measure stress levels in the cyber workforce would be helpful. Two researchers at America’s National Security Agency, Celeste Lyn Paul and Josiah Dykstra, have conducted internal studies at the organization, whose staff often find themselves in stressful situations. They have developed a stress survey that can be used for a one-off study or as an ongoing benchmark. The researchers will be discussing this at Black Hat and say they plan to put it online on August 13 so anyone can access it.

    AI to the rescue?

    While more empirical evidence would be welcome, companies can already take steps to address stress-related issues by ensuring cyber defenders have regular time off, are encouraged to share any concerns they have over workplace pressure with managers, and are given access to sources of advice and counsel on mental health issues.

    Technology could ultimately help improve matters, too. Hordes of cybersecurity software vendors are embracing machine-learning tools as a way to automate more and more tasks. That could eventually take some of the strain off overworked employees, but before that happens at scale many more humans are going to be needed on the cyber front lines.

    Keep up with the latest in cyber security at EmTech Digital.
    Don't be left behind.

    March 25-26, 2019
    San Francisco, CA

    Register now
    More from Intelligent Machines

    Artificial intelligence and robots are transforming how we work and live.

    Want more award-winning journalism? Subscribe to Insider Plus.
    • Insider Plus {! insider.prices.plus !}*

      {! insider.display.menuOptionsLabel !}

      Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

      See details+

      Print + Digital Magazine (6 bi-monthly issues)

      Unlimited online access including all articles, multimedia, and more

      The Download newsletter with top tech stories delivered daily to your inbox

      Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

      10% Discount to MIT Technology Review events and MIT Press

      Ad-free website experience

    You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.