An interesting prediction, and backed up by a Gartner report:
The original piece link is here:
Isn't this really a call for augmentation by AI to assist cybersecurity professionals?
We just published a blog yesterday on this topic too
It is mental health awareness month. This is a good reminder to all of you to prioritize your mental health! You can't pour from an empty cup; so take care of yourself so you can take care of the security of your organziations!
Help each other out, share what tips you all do to de-stress in the comments.
Here is a blog, we (@Caute_cautim, @trickydicky and I) wrote last May 2022.
How to Prevent Burnout Among Cybersecurity Professionals Before, During and After a Breach - (ISC)² ...
Burnout amongst security folks has been an issue for many years.
Will AI help? In some ways, it may but in others, it will add to the stress. Why do I say it will add to the stress? Not only will Security folks leverage the tool to try to improve security but the hackers will be using it to build bigger and better ways of breaching our systems.
At the very first security conference I attended, I heard William H. Murray speak and one thing he said stuck with me through the years. That the FBI stated 75-85% of all security incidents were caused by insiders. I came away in disbelief. I had many questions after that.....oh how soon I learned that stat was correct.
"That the FBI stated 75-85% of all security incidents were caused by insiders."
Would you say that also includes unintentional or unknowing insiders, such as email clickers and social engineering marks?
That quote was from the late 1990's and at the time, it included both malicious and unintentional events. They did not make a distinction.
We know that phishing, etc. have become the bane of our lives. Sometimes, the user is curious and sometimes they do not realize.
The attacks are becoming more and more sophisticated. These types of attacks will become more difficult to defeat as AI is leveraged to develop them and make folks believe that the invoice is valid or that it's just an innocent story or whatever......
Part of the stress that I feel comes from trying to keep up or ahead of what is happening. Another part of my stress is worrying that one of these attacks will ultimately cause the loss of human life (remember, I work for a steel manufacturer who uses computers in their processes).
Other folks may stress over losing their employment if something happens.
It seems to coincide with some recent reports which were released from various sources:
Burnout is a real issue, yes AI can assist, but there is also a greater need for augmentation and automation to assist organisations too. The use of Enterprise Attack Security Management (EASM) would certainly prepare organisations to identify the real threats 24x7 and reduce approximately 30% of unknown vulnerabilities.
We have to get smarter about tackling cybersecurity within our organisations, making it more tangible as to the real threats vs the potential threats.
And if you've worked in organisations in which people do get fired for events which are beyond their reasonable control, it's obviously going to make anyone left in post uncomfortable....
Any such organization would quickly find itself populated with craven individuals who never speak up, take action only when told, and avoid innovation like the plague.
@parmstrong Possibly, but more likely to find that they suffer a sudden shortage of cyber security staff and then have to pay over the odds to hire replacements.