If you don't address quiet quitting in your IT workforce, you're making yourself vulnerable to cyberattacks. Quiet quitting, a practice where people seem to disengage from their jobs, has been trending for a while now. Some believe it is burnout re-labelled, while others see it as a way to address wage theft. If you're a large company with a cybersecurity function, there is a high chance you have already faced it.

A survey by ThreatConnect reveals that out of 500 cybersecurity professionals, one-third are considering quitting their jobs and cite work-related stress and burnout as their reasons. This isn't surprising—over 70% of SOC analysts say they're burned-out from dealing with growing workloads and understaffed teams.

Is it the Great Resignation again?

The Great Resignation is one of the after-effects of excessive workloads and understaffed teams. It refers to the ongoing trend of employees all over the world deciding to leave their careers. The COVID-19 pandemic seemed to play a large part in this shift, influencing employees to spend more time with their families and choose jobs that offer work-life balance and space for better mental health. The aftermath of the Great Resignation has affected cybersecurity teams as well. CISOs are facing the difficulty of delivering results while efficiently utilizing diminishing resources, while management is figuring out how to retain cybersecurity talent. So, did the Great Resignation have anything to do with quiet quitting? Not really. Though the context does seem similar.

What is quiet quitting?

Quiet quitting does not actually involve the employee quitting an organization. Instead they 'quit' the idea of going above and beyond to fulfil their role. In millennial terms, it is the shedding of hustle culture and simply doing what is expected of any employee in the role.

Public opinion has been split on the rationale behind quiet quitting. One faction believes it is not a new trend, but that employees have been quietly quitting for years now and it's simply a new term for a long-existing practice. The other insists this is a change for the worse in today's attitudes towards work.

Implications of quiet quitting in cybersecurity

Let's face it, the job of a cybersecurity professional—be it a network and information security professional or a SOC analyst—never ends. Most analysts have to deal with a stream of alerts that are constantly popping up and putting out fires before they begin. This requires being on guard and available 24/7, which surely leads to alert or dashboard fatigue. Dashboard fatigue results from the consistent need for analysts to keep changing from one dashboard to another as they navigate through a laundry list of tools while dealing with an incident. Cybersecurity personnel also have to gather reports for compliance audits and procedures, which is a time-consuming process.

What will happen if one fine day, the entire cybersecurity team decides to adopt quiet quitting? The incident response team decides they will not look into incidents that occur after their shift? The IT admin decides not to monitor users or systems from a different business function or domain?

The result would be chaos.

While this may not be evident at first, it is only a matter of time before quiet quitting becomes the next Great Resignation. This change in mindset could have lasting long-term consequences, affecting the overall productivity of the organization. It could lead to gaping security flaws and loopholes cybercriminals could use to wreak havoc. If security analysts in an organization begin to adopt quiet quitting it could lead to negligence in monitoring of access to secure information. Ultimately, the ensuing data breaches will affect the organization's reputation and result in huge losses in revenue.

Avoiding burnout and adopting automation with SIEM

While quiet quitting may not seem like a new trend to everyone, addressing the issues it represents is long overdue. Extreme levels of burnout in a cybersecurity team have connotations beyond decrease in productivity or output. These could manifest into a bigger cyber threat in the long run, leading the way for more and more attacks on your data and reputation.

You can prevent this in your organization and proactively address quiet quitting by automating tasks that require needless manual intervention. Here's how investing in a SIEM solution like ManageEngine Log360 can help:

  • Reduce the need for manual intervention and weed out false positives with automated incident response.
  • Discover and record sensitive data, track any changes made to it through agent-based and agentless file integrity monitoring (FIM) with the integrated data loss prevention (DLP) module.
  • Save a sizable chunk of man-hours through automatic data collection and extraction of out-of-the-box audit reports with the integrated compliance management module.

Choose Log360 to combat indicators of burnout and eliminate the chance of quiet quitting endangering your systems and confidential data. Interested? Get in touch with our product experts for a free, personalized demo now!

Get the latest content delivered
right to your inbox!

Thank you for subscribing.

You will receive regular updates on the latest news on cybersecurity.

  • Please enter a business email id
    By clicking on Keep me Updated you agree to processing of personal data according to the Privacy Policy.

Expert Talks


© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.