Show your security analysts some love this Valentine’s day
By Doron Davidson, Founder and VP of Business Development, SecBI
Valentine’s day is a global celebration of love. People across the globe expect their significant other to show their love by sending chocolates, flowers or scented candles. This holiday, however commercialized in recent years, is profound in the way that it captures one simple idea… love of another is something to be acknowledged.
The same spirit is now widely recognized in the workplace as well. Executives are trained to provide positive feedback to their subordinates, and companies spend millions on parties and trips, showing appreciation to their employees. This acknowledgment of appreciation, research shows translates into happier, more productive workers.
Is everyone happy?
But what about the employees who are rarely given any acknowledgment of gratitude? Meet the security analysts: A role that people love to hate. Security analysts work day and night (and sometimes, in follow-the-sun shifts) to keep the organization safe. They investigate alerts, enforce policies and remediate security incidents. And what do they get in return? Greeting cards? Hardly.
Your security analysts: From hostility to burn-out
Most likely, they will receive hostile looks in the hallways, or even worse, they will be scorned by the CIO office for not responding quickly enough to an alert (one of thousands). They can “get it right” hundreds of times identify the cyber threat, prioritize, respond according to pre-determined procedures, and remediate the malware. But if they get it wrong, only one time, a missed cyberattack will never be forgotten. And this constant pressure without reward translates into psychological stress and fatigue. After all, who likes that security analyst who missed the ransomware that cost the company thousands in lost revenue. The pressure of work never lets up with security analysts, and almost half (49%) of analysts surveyed reported that they are kept awake at night worrying about their organization’s cybersecurity, and 65% of SOC professionals say stress has caused them to think about quitting. That’s a strong indication that these analysts aren’t receiving enough love (if any). But what could be done about it?
- Awareness of security analyst burn-out
Although most discussions on cyber awareness focus on educating employees about preventing cyberattacks, it’s worthwhile to educate an organizations’ employees about the demanding role of their cybersecurity professionals. It is enough to spend a few hours in the company’s SOC to better understand the challenges these people face on a daily basis. This awareness would greatly help in reshaping the work-force’s attitude towards their colleagues at the cybersecurity department. Suddenly the analysts calling to ask you about that file you have been sent or tells you that he needs to take control over your machine won’t be seem as intrusive, but protective.
- Positive feedback
It’s not enough to appreciate someone. It is also important to acknowledge their hard work and efforts. SOC teams are not waiting to be praised. They know how important their work is, and they are proud of it. But occasionally complimenting them and rewarding their efforts would go a long way in preserving their motivation.
- Celebrate the wins
At the security world, we are all focused on the screw up: The infections, data leaks, stolen data and locked systems. Instead, we should hail successful operation such as quarantining suspicious files, stopping malware infections and identifying malicious activities in your network.
Analysts are not magicians. Even the best of them cannot perform without the proper toolkit. But most security tools today are cumbersome, slow to respond and require the tired analysts’ full attention in order to be effective. But if instead of scorning them, you could give them the “gift” of advanced, autonomous detection, investigative, and response tools. In addition of the excitement of receiving a new “toy”, analysts would be able to perform better, identify threats faster and more accurately, and overall have more time to breathe. The gift of smart automation would bring them positive feedback, and charge them with additional motivation to perform better.
Don’t wait until Valentines to show your security analysts some love. Just walk over to the SOC, say hi and thank them for all the hard work they have put in throughout the year to keep you and your organization safe. You’d be surprised at the impact this would make.
And one last word. If any hackers are reading this, please move away from your screens and go celebrate Valentine’s Day. The one thing our analyst doesn’t need is to spend the holiday hunting for you instead of spending it with their loved ones.