Security Think Tank: Caring for the IT security caretakers

Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security professionals manage their increased workload, safeguard their mental well-being and avoid burnout?

The life of security professionals in operational roles, monitoring or maintaining systems, tends to be one of routine much of the time. Alerts are monitored and investigated, new indicators of compromise (IOCs) and detection use cases created, firewall and other detection rules updated, and threat research carried out.

However, this can change rapidly when a significant incident is detected. During an incident response, time is of the essence and routine is put aside. Incidents put considerable pressure on the team, particularly in the early stages when the extent of the compromise and its potential impact is unknown, and also on senior professionals such as IT managers and chief information security officers (CISOs) who find themselves fielding questions they don’t yet have the data to answer.

This puts more pressure on the operations team to expedite root-cause analysis and provide detailed threat intelligence in response to the growing list of questions cascading from the IT managers and CISOs. In turn, the number of concurrent tasks can escalate rapidly.

The Covid-19 coronavirus outbreak initially began to have an impact on the implementation of business continuity plans and tailoring of these to the specific threat, which is primarily to employees rather than physical assets.

Along with this came a rise in attacks, as cyber criminals attempted to exploit people’s worries around the outbreak. While I recently read that one cyber crime group publicly stated that it would stop exploiting ransomware against health targets for the duration of the Covid-19 outbreak, others were less “socially responsible”, seeing it as a business opportunity to be exploited. There has been a significant spike in phishing attacks and Covid-19-specific malware.

Managing stress levels

As the outbreak continues and we carry on working through the lockdown, there is additional stress from the lockdown in our home lives as we worry about catching the virus and passing it on to others, particularly when living with vulnerable family members.

This, compounded by the increase in attacks, alerts to be processed and incidents to be managed, exacerbates many of the causes of stress: being under pressure; not feeling in control; worry; change and uncertainty; feeling overwhelmed by responsibilities. While there are certainly those who are affected more by Covid-19, these stresses are bound to have an effect.

Looking at how to manage such situations, everybody is different and every organisation is different. I am a technologist, not a mental health professional, so can only speak from my experience. I learned a long time ago that work will expand to fill the time available, so while it is sometimes necessary to work extra hours, lower-priority day-to-day tasks sometimes need to be delegated or put aside, and excessive hours should not be the norm over a long period for anybody.

“Work will expand to fill the time available, so while it is sometimes necessary to work extra hours, lower-priority day-to-day tasks sometimes need to be delegated or put aside, and excessive hours should not be the norm”
Paddy Francis, Airbus CyberSecurity

Also, when things seem out of control or uncertain, it is important to stay positive and focus on what we can do to reduce the uncertainty and plan for or mitigate a situation, putting problems and possible consequences into context.

Above all, we are all part of a team and will succeed or fail as such. We can’t succeed alone, so we need to protect our teams from excessive pressure and not task them with things that are not within their control or ability to deliver. We also need to understand individuals’ external pressures, which in current times, for example, means identifying anybody living with a vulnerable person and prioritising them for home working when possible.

In protecting ourselves and our teams, we need to understand the signs of stress. Symptoms may include memory problems, inability to concentrate, poor judgement, negativity, anxiousness, constant worrying, or the use of alcohol, cigarettes or drugs to relax.

These may be subtle, and recognising them in yourself and acting on them can be difficult, but is critical to maintaining your mental well-being and keeping things on track.

Last year, we introduced the concept of mental health first aiders into our organisation to help with this problem. These are volunteers spread throughout the organisation who are trained to recognise signs of stress and provide initial help to people showing signs of stress and signpost them to appropriate internal and external support.

This may seem altruistic to some, but it does in fact have real business benefits in increasing productivity and efficiency, by ensuring people get access to support when they need it, before they reach breaking point.

Identifying stress when the workforce is distributed, with multiple shifts and many staff working from home, can be complex. Team leaders and managers therefore need to amend normal practices to ensure early indicators can still be picked up. Non-work chat on closed social media groups and frequent well-being group calls during the working week have proved successful as substitutes for the social interaction that would normally take place.

We are living through difficult times, but I am sure we will come through it and have learned lessons. We can never predict exactly what the next challenging event or situation will be, or precisely how to prepare for it. We can learn from the experience, however, perhaps understand ourselves and our teams a little better and put practical measures and strategies in place to deal with future events.