Joe FayTechnological reporter
Getty imagesWhen Tony was signed to burn out from his role of awareness of cybersecurity in a large British company of e -commerce last year, it was a lot of time.
“Many of us are in Cyber, we put our hearts into our work. There is a lot of passion. “
He was gradually harder to sleep and go to the office.
Tony, who did not want his real name to be used, recalls An attack of extortionists Wannacry In 2017. “It was Friday, and something appeared in BBC News.”
That evening, the security team called, and it was decided to remove each separate device from the network.
“And it was on Sunday afternoon that I was autonomous,” he says.
According to him, the company was not struck by a mistake. “It was a preparatory work.”
Tony said that this model is currently repeated between organizations trying to protect themselves from Scattered spider attacks This struck retailers and other enterprises this year.
And, he says: “I can’t even imagine what people have passed in a cooperative and m& s.”
Andrew Tillman“If you think that you can burn, you are already going there,” says Andrew Tillman, the former head of cyber -risk and guarantees of the UK Safety Agency.
He says that cybersecurity can sometimes be “the best work in the world”. But when everything becomes bad, “it can be a slightly dangerous place.”
Mr. Tillman himself suffered from “burnout” for four years in the agency.
This stress is manifested in the data collected by ISC2, a membership for specialists in the field of cybersecurity.
His Annual study of labor He showed 66% a favorable level of satisfaction with work in 2024, decreasing by four percentage points compared to the previous year.
Burnout is the “main problem” for this sector, says John France, chief ISC2 for information security.
He says that professionals in the industry are increasingly asking for “making more costs”, which only increases stress and dissatisfaction with work.
“Cyberprofessionals rarely work with nine to five,” he adds, even if they do this, they remain on the call, because the actors of the threats do not adhere to the working hours. ”
Partly the problem is that the hackers have become more aggressive, ready to aim at critical national infrastructure or healthcare organizations with the help of extortionists.
In addition, hackers supported by national states also take into account more attacks, whether espionage, steal IP, dissolve misinformation or conclusion about violations, or even strive for financial benefits in their own account.
North Korean hackers, for example became more active And Adept when using cybercrime.
Earlier this year, hackers, being considered to work in the North Korean mode, stole $ 1.5 billion (1.1 billion pounds Digital tokens from Crypto Exchange Bybit.
According to US officials, half of the acquisition of foreign currency North Korea comes from cyber -krazhiField
Getty imagesSince private and state organizations digested more operations, the consequences of cyber attacks or data violations are more serious.
Mr. Tillman says: “There is always such a conscious thought that if it goes wrong as it can affect people on the street? How can this affect their work, their livelihood? ”
The staff turnover is especially pronounced in entry -level roles, says Lisa Akerman, the former deputy director of information security (CISO) in GSK, and the CISO strategic leader in Cybermindz, non -commercial aiming for burnout in cybersecurity.
Constant warning from warning systems can aggravate the problem, presenting specialists to many data that they should understand.
This may be a special problem for young specialists in censor of roles and security operations.
But the roles without frontlin are not safe, says Mr. Tillman.
Risk management and ensuring compliance with organizations and regulatory obligations may Be a problem when other teams are desperately trying to get new applications or services on the air without considering all safety angles.
CybermindzThe founder of Cybermindz, Peter Coroneos, says that cybersecurity workers can be caught in a “guilt culture”, where their successes are “low visibility”.
This leaves them to the “low level of fear”, he explains.
According to M -Coroneos, for young workers this can cause damage, since the human brain is still developing up to 20 years.
“Thus, if you are gaining people whose brains are not fully formed and put them in the role of high stress, then you potentially create them for long -term problems from the point of view of their own cognitive and emotional well -being.”
Cybermindz offers a “structured regime of neural learning”, which is aimed at returning the subject to a sense of psychological safety.
“If anyone has a panic attack, telling them that it is just to calm down, in fact, it will not work. You need to solve neurochemistry, ”says Mr. Coroneos.
Ultimately, says Mr. Acerman: “We want to get to any legislation for cyber teams, as we have for air traffic controllers and doctors, pilots and people who are the first respondents. Which, in fact, are cyber defenders. ”
Meanwhile, organizations and employees must monitor the signs of stress before they turn into something more ominous.
Mr. Tillman says that now he is much more aware of the warning signs of impending burnout, which for him include a change in sleeping scheme or habit of food, habit of exercises or not to walk around the dog.
“This is almost like a violation of cyber protection,” he explains. “You must assume that this is already on the way, and work to not allow this to happen.”
