itSMF Bulletin September 2022 | Page 13

enough time on strategy and process improvement.

This response comes up so often that I admit becoming somewhat numb to it, but when reviewing some ESG research this week, this data point hit me like a ton of bricks as I contemplated the implications.

If security teams spend an inordinate amount of their time in fire drill mode, my instincts tell me that they are like Elliot Alderson, the protagonist in the show Mr. Robot: security professionals want to save the world — from cyber-adversaries and the devastation they cause.

In pursuing this goal, their days are often chaotic, taken up with emergency response actions. Security professionals deserve our gratitude and respect for this alone.

But also, they are:

Cutting corners: Despite this valour, putting out fires has a significant downside — you react, do what you can, and move on to the next hot spot; sometimes without thinking things through.

Faced with constant emergencies, it’s safe to assume that security operations teams are making compromises and cutting corners — especially if there’s another emergency to deal with around the bend.

This type of incident response also tends to be anchored by individuals and tribal knowledge rather than tried-and-true processes. Ironically, cutting corners can add complexity, uncertainty, and time to emergency situations.

Burnt out: Pity the poor security operations team. They are usually understaffed, overworked, and faced with a constant stream of high-priority emergencies. This is an unhealthy work environment that will stress out even the most stoic security pros.

Little wonder, then, that research from ESG and the Information Systems Security Association (ISSA) indicates that 71 per cent of security professionals agree that there is an unhealthy level of stress associated with their jobs. This inevitably leads to mental health problems, a toxic workplace, and staff attrition — a sure-fire recipe for ineffective and inefficient cyber security operations.

Poorly prepared for future attacks: Responding to constant emergencies takes time away from other necessities like training, testing, and process improvement. The absence of these things forces security teams to rely on what they know, but since cyber attacks are constantly evolving, even the best knowledge and skills will become stale and ineffective over time.

Soon, the security team will be performing their jobs in the cybersecurity equivalent of bringing a knife to a gun fight.

5 practices to reduce security fire drills

CISOs would be well advised to assess