• Ransomware is the biggest stress factor, with more than one-third (38%) of the respondents making a ransom payment and 84% experiencing continued disruption after payment.
  • The report disclosed that professional organizations may not be fully equipped to deal with the threat of ransomware.

Deep Instinct, an end-to-end cybersecurity deep learning provider, released the third edition of its annual report, Voice of SecOps, which surveyed the stress levels among 1,000 C-suite and senior cybersecurity professionals across industries and roles.

The survey results reported that 45% of the respondents have considered quitting the industry due to stress. One of the prime reasons for this was an unrelenting threat from ransomware and the expectations to always be on call or available.

The research underpinned the fact that ransom payment is a hotly debated topic. About one-third (38%) of those surveyed acknowledged having paid the ransom, 46% asserted their data was still being exposed by the hackers, and 44% failed to restore all their data even after they paid the ransom amount.

The report suggests that traditional ways of security — which are typically dependent on a blend of disparate alert-heavy monitoring solutions — may not be feasible. Furthermore, it disclosed that professional organizations may not be fully equipped to deal with the threat of ransomware. This accounts for the creation of a stressful work environment for security teams and ultimately adds to the ‘Great Resignation.’

Ransomware stress: A lose-lose situation

For cybersecurity professionals, ransomware is one of the most stressful incidents to manage because the operational impact can be disastrous; last year’s Colonial Pipeline attack is a case in point.

Similarly, security responders are faced with a dilemma: Either they take the risk by not paying a ransom, thus losing access to crucial data, or pay the ransom in the hope that the intruder will decrypt the stolen data.

In fact, it’s common for attackers not to honor ransom payments. According to Deep Instinct’s survey report, 38% of the respondents reported having paid a ransom, 46% admitted that their data was still exposed by the hackers, and 44% said they couldn’t restore their data.

In the process of remediation, negotiation, or restoration, if something goes wrong, the blame is taken by the security analysts.

“In a culture of the blame game, the pressure of failure weighs heavily on security analysts. Visibility across the entire IT landscape is a challenge, leaving them blind to many issues,” said Karen Crowley, the director of product solutions at Deep Instinct. “They are working over hours, sometimes 16-18 hours a day, to keep the organization secure. The responsibility to catch a misconfiguration or mistake by an employee clicking on a malicious link falls back on them.”

What creates a high-pressure working environment for analysts is a combination of an “imminent threat of a breach,” chasing false flags and taking the blame for breaches.

How well can security teams respond to ransomware threats?

Prevention is perhaps the best defence that security teams can have against ransomware threats.

Easier said than done; this can be achieved when the attack surface is managed proactively. Mitigating vulnerabilities in the environment, too, can help. Furthermore, steps must be taken to educate employees on security best practices, like selecting strong passwords and not clicking on links or attachments in emails from unknown senders.

If prevention fails, security analysts get limited time to react to the intrusions and prevent data loss or encryption; an average ransomware attack takes a little more than three days from start to finish.

This is the reason why Crowley advocates organizations to keep investing in technologies that can reduce false-positive alerts, providing security teams more visibility over their environment and, at the same time, facilitating more time for higher-value work rather than chasing false flags.

She also notes that enterprises must invest in solutions to send higher fidelity alerts to EDR, SIEM, or SOAR solutions so that security analysts can get a better understanding of the events that have been prevented and uncover active threats on the network faster.

Of course, managed services also have a role to play in supporting overburdened security teams, particularly if they’re under-resourced or understaffed.