Employees are resigning in droves in the aftermath of the pandemic, whether it’s for better employment opportunities, more pay, or a decent work-life balance. In the thick of all this, security experts are under the pump, as they not only have to struggle to keep employees and recruit skilled individuals but also constantly monitor and limit the risk of data theft. In this article, top security experts discuss the most pressing security challenges that enterprises are facing during the Great Resignation.
The Great Resignation continues to cause challenges for businesses — 53% of workers worldwide sayOpens a new window they are now prioritizing their physical and mental health and are willing to leave their current job if it enables a better work/life balance.
For IT security decision-makers, this ongoing staff shift poses a dual problem. First is the widening skills gap; with the market already facing more than 2.5 million vacant security positionsOpens a new window , more resignations mean even more distance between what businesses need to stay safe and the available staff. Resignations from non-IT staff introduce new security issues around data protection and account management, putting even more stress on cybersecurity teams.
What does this mean in practice? In this article, four cybersecurity industry experts discuss the top cybersecurity challenges brought upon by the Great Resignation and ways organizations can resolve them.
See More: Fighting the Great Resignation: Enhancing Women’s Participation in the Tech Workforce
Security Challenges Amid the Great Resignation
Increasing staff stress
Gernot Hacker, sales engineering manager EMEA at Appgate thinks that the current conditions drive significant stress among cybersecurity staff.
Individuals within security teams have to bear the constant pressure of not feeling prepared that ultimately leads to stress and their eventual departure from the industry altogether, he adds. According to a recent World Economic Forum report, 88% of security-focused executives describe being “moderately or tremendously stressed.†Those who are stressed are not going to stay in the industry for long and therefore the skills gap is exacerbated.
Hacker also highlights the impact of retirements in addition to resignations. “Part of the reason why so many companies have this shortage is due to the max exodus of baby boomers taking early retirement due to the pandemic, which has forced younger generations to step up and take their place without necessarily having the skills to do so. Organizations must find the right balance in security teams and ensure that different generations are working together.â€
Disconnect between people & products
Ilia Kolochenko, founder of ImmuniWeb and a member of the Europol Data Protection Experts Network, points out a disconnect between spending on security tools and products and their real-life impact on reducing risk.
“Organizations may gradually increase their annual security budgets to acquire more cybersecurity products and services,†he says. “But new technologies added into existing infrastructure without a long-term strategy in mind usually bring more pain than gain. Their installation, integration, and management is an arduous task when we operate in a multi-cloud environment connected to obsolete legacy systems hosted on-premises, let alone interconnected SaaS systems with data.â€
Kolochenko offers the example of a web application firewall (WAF): “One may buy a state-of-the-art WAF, but due to incomplete visibility of the attack surface, it will protect just 80% of our external web applications and APIs. Cybercriminals will undoubtedly find the rest, successfully attack them and breach the company despite doubled security spending. We shall start with strategy, people, and process management, not with blindly hiring or spending more.â€
Significant security slowdowns
The Great Resignation also challenges security response slowdowns as smaller teams try to keep pace with evolving threats.Â
As noted by Rebecca McKeown, director of human science at Immersive Labs and an ex-military psychologist, “the data on the time gap between threats breaking and people having the ability to defend against them shows a need for faster time to human cyber capability for large organizations. Without this, people will potentially be making decisions founded on unhelpful biases.â€Â
Data from Immersive Labs’ recent Cyber Workforce Benchmark report underpins this problem: Analysis of more than 35,000 security professionals across 400 organizations found that it takes teams an average of 96 days “to develop the knowledge, skills, and judgment to defend against breaking threats,†despite the fact that many government bodies and regulatory agencies recommend identifying and remediating vulnerabilities within 48 hours after issues are identified.
See More: Can the Great Resignation be Reversed in 2022? Here’s What Employees Really Want
Exiting employee issues
Cybersecurity teams also need to consider the impact of ongoing, non-IT resignations on networks and data sources. As noted by Tech Radar, the continual changeover of staff means that IT teams must constantly add or remove permissions for services, software and data. Suppose accounts aren’t quickly suspended or former employees misuse existing access credentials. In that case, businesses could face significant data theft or discover that key services have been exposed to ransomware, malware or other malicious attacks.
Solving this problem requires implementing zero-trust network architecture (ZTNA) and micro-segmentation solutions. “As we watch threats evolve and breaches become more devastating, the need to implement zero-trust strategies has never been more urgent,†says PJ Kirner, CTO and co-founder of Illumio. “But micro-segmentation isn’t an all-or-nothing strategy, and the path to a zero-trust posture can break into bite-sized phases. Start by gaining visibility to see the risk created by open lateral pathways across interconnected infrastructure and to the internet. Then, assume breach and secure the data by building security controls that close these risky pathways. This incremental approach is a journey that bolsters security posture to reduce risk and increase cyber resiliency.â€
Navigating the new cybersecurity landscape
While the full impacts of the Great Resignation will take years to address, current conditions pose significant challenges for cybersecurity teams. It’s not all bad news, however. Equipped with the right technologies and committed to creating a culture of cybersecurity that underpins a shared responsibility model, companies can better navigate the new security landscape and reduce their total risk.
What security concerns does your company face as a result of the Great Resignation? Comment below or let us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!