National Mental Health Awareness Month kicked off this week. After record numbers of workers quit their jobs during the pandemic, security practitioners are wondering how to prevent an industry-wide “great burnout” from following the great resignation.

“Cybersecurity is 24/7 by its nature. The whole business is 24 hours a day, it's always on,” Ian McShane, VP of strategy at Arctic Wolf, told SDxCentral. “That means that you're never gonna be able to do everything. And this backlog just keeps growing and growing.”

Burnout has been an issue for a long time, and stress-related mental-health concerns aren’t new challenges to cybersecurity professionals. Even before the pandemic, high intensity and levels of responsibility drove up the stress and caused burnout among security professionals, he pointed out. 

“This great burnout has already been happening, and it's just come to a cataclysm,” McShane argued, adding that organizations are making backup plans in advance.

“A lot of organizations are starting to really wonder what their succession plans are. What would happen if your entire security team put [in] its notice on Monday and the last day was Friday, what are you going to do then?” he said.

It comes down to determining if the organization can rely on security vendors or partners to fill that gap, or making efforts now to prevent this from happening in the first place, he added.

During the pandemic, more businesses are shifting to the remote or hybrid work model, and some employers are taking advantage of it. 

“If you don't need to commute to the office, then we can have this meeting at 7:30 in the morning … or why do you need two weeks' vacation? Where are you going to go in a pandemic?” McShane said, referring to some examples. 

“There's been this weird culture in Western society for a long time, especially in security, where overworking has always been celebrated,” he added.

Some startups have done a better job of this, McShane noted. “There are just as many newer, smaller organizations that are far more in touch with humanity, if that's the right phrase, but they seem like far better places to work,” he said. “Arctic Wolf is a great example of a really strong focus on employee health and wellness and making sure that the leaders lead by example.”

“I think it needs to be a combination of colleagues, employers, and humanity trying to understand that just because people [are] at home now doesn't mean that they're available 24/7,” he added.

Data breaches, cyber threats, and attacks are on the rise, which also contributes to burnout for security professionals.

“Human brains are hard-wired to latch onto high-profile threats — amplified by news headlines and threat intel feeds — that cause teams to rush into making shortcut decisions that only set them back … or make them worse – only furthering feelings of helplessness and burnout,” Immersive Labs’ Director of Human Science Bec McKeown explained.

On the other hand, security teams have to deal with more security tools and alerts to address the heightened threats and protect their organizations.

A majority of IT professionals receive more than 500 public cloud security alerts per day, and they spend more than 20% of their time on prioritizing alerts, which results in missed critical issues and team burnout, a recent Orca Security report found. 

“The realistic situation is with security, you can never get everything done, so you're having to prioritize all the time,” McShane said. And “the scope of tools and technology is really vast, and that means you need more people to be able to manage it or you have to start making these difficult trade-offs.”

He argues security tool managing services such as managed detection and response (MDR) is one way to address this issue.

“One of the most frustrating things for me about cybersecurity is that … organizations are spending a ton of money on cybersecurity tools, but they're just not being able to use them effectively,” McShane said. “Having MDR services or security operations services, like Arctic Wolf, take care of those day-to-day operations on behalf of the customer means they're not wasting that investment, and they're starting to get the security benefits of it.”