If you don't address quiet quitting in your IT workforce, you're making yourself vulnerable to cyberattacks. Quiet quitting, a practice where people seem to disengage from their jobs, has been trending for a while now. Some believe it is burnout re-labelled, while others see it as a way to address wage theft. If you're a large company with a cybersecurity function, there is a high chance you have already faced it.
A survey by ThreatConnect reveals that out of 500 cybersecurity professionals, one-third are considering quitting their jobs and cite work-related stress and burnout as their reasons. This isn't surprising—over 70% of SOC analysts say they're burned-out from dealing with growing workloads and understaffed teams.
The Great Resignation is one of the after-effects of excessive workloads and understaffed teams. It refers to the ongoing trend of employees all over the world deciding to leave their careers. The COVID-19 pandemic seemed to play a large part in this shift, influencing employees to spend more time with their families and choose jobs that offer work-life balance and space for better mental health. The aftermath of the Great Resignation has affected cybersecurity teams as well. CISOs are facing the difficulty of delivering results while efficiently utilizing diminishing resources, while management is figuring out how to retain cybersecurity talent. So, did the Great Resignation have anything to do with quiet quitting? Not really. Though the context does seem similar.
Quiet quitting does not actually involve the employee quitting an organization. Instead they 'quit' the idea of going above and beyond to fulfil their role. In millennial terms, it is the shedding of hustle culture and simply doing what is expected of any employee in the role.
Public opinion has been split on the rationale behind quiet quitting. One faction believes it is not a new trend, but that employees have been quietly quitting for years now and it's simply a new term for a long-existing practice. The other insists this is a change for the worse in today's attitudes towards work.
Let's face it, the job of a cybersecurity professional—be it a network and information security professional or a SOC analyst—never ends. Most analysts have to deal with a stream of alerts that are constantly popping up and putting out fires before they begin. This requires being on guard and available 24/7, which surely leads to alert or dashboard fatigue. Dashboard fatigue results from the consistent need for analysts to keep changing from one dashboard to another as they navigate through a laundry list of tools while dealing with an incident. Cybersecurity personnel also have to gather reports for compliance audits and procedures, which is a time-consuming process.
What will happen if one fine day, the entire cybersecurity team decides to adopt quiet quitting? The incident response team decides they will not look into incidents that occur after their shift? The IT admin decides not to monitor users or systems from a different business function or domain?
The result would be chaos.
While this may not be evident at first, it is only a matter of time before quiet quitting becomes the next Great Resignation. This change in mindset could have lasting long-term consequences, affecting the overall productivity of the organization. It could lead to gaping security flaws and loopholes cybercriminals could use to wreak havoc. If security analysts in an organization begin to adopt quiet quitting it could lead to negligence in monitoring of access to secure information. Ultimately, the ensuing data breaches will affect the organization's reputation and result in huge losses in revenue.
While quiet quitting may not seem like a new trend to everyone, addressing the issues it represents is long overdue. Extreme levels of burnout in a cybersecurity team have connotations beyond decrease in productivity or output. These could manifest into a bigger cyber threat in the long run, leading the way for more and more attacks on your data and reputation.
You can prevent this in your organization and proactively address quiet quitting by automating tasks that require needless manual intervention. Here's how investing in a SIEM solution like ManageEngine Log360 can help:
Choose Log360 to combat indicators of burnout and eliminate the chance of quiet quitting endangering your systems and confidential data. Interested? Get in touch with our product experts for a free, personalized demo now!
You will receive regular updates on the latest news on cybersecurity.
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.