
Cognitive Overload: The hidden cybersecurity threat

Today’s columnist, Mike Saxton of Booz Allen Hamilton, writes about how security analysts spend their time handling Slack messages, analyzing data, and managing job tickets – a flow of work that can lead to burnout. Saxton offers three tips for easing the stress on security pros. (Photo by Justin Sullivan/Getty Images)

Whether it’s closing tickets, tracking open tickets, analyzing data, answering Slack messages, or addressing alerts, a cybersecurity analyst spends most of their day deep in the trenches of numbers and activities. We’ve seen that this always-on cybersecurity environment very quickly leads to burnout, and there’s one major contributor: cognitive overload.

Cognitive overload occurs when workers are trying to take in too much information or execute too many tasks. This typically falls under two areas for cybersecurity analysts: intrinsic load, the piecing together of complex technical information to perform incident response activities; and extraneous load, the other 97% of data in a SIEM that they must filter out, while also handling team conversations and sidebar questions.

Ultimately, cognitive overload leads to poor performance levels, a lack of focus, and a lack of fulfillment. This can have particularly detrimental consequences within cybersecurity, where ransomware attacks rose 13% year-over-year – more than the past five years combined. To boot, just under half of senior cyber professionals (45%) have considered quitting the industry altogether because of stress.

To accommodate the needs of this critical workforce – and fill the 771,000 cyber positions open today – companies must make easing cognitive overload a top priority. Today, it stems from two major issues. First, organizations typically lack direction in cybersecurity, tasking analysts with a broad and daunting mandate: defend our infrastructure. It’s too abstract and leaves them unsure of their roles and responsibilities. Uncertainty has caused stress levels to rise, and security teams can certainly benefit from direction and guidance that defines their role and top priorities in the security plan.

Second, the tendency among technology analysts to “defend the infrastructure” can sometimes overwhelm the team. From too many tools to too much data, this excess of information can hinder more than it helps. Most SIEM approaches tend to “collect everything and sort it out,” meaning much of the data does not get used for investigations. Given these issues, there are a few ways to better support cybersecurity teams and reduce the most common sources of cognitive overload.

  • Establish a clear strategy and team structure.

Companies can combat cognitive overload by setting a clear cybersecurity strategy for the team. Workers should have a strong understanding of their role, their responsibilities and goals, and where they fit into the larger strategy. This way, instead of feeling like a few dozen workers in charge of defending an entire organization, they view themselves as a structured force multiplier. Assign infrastructure areas of interest to teams, allowing them to focus on specific products and services to secure.

Establishing this strategy can feel troublesome with the current revolving door of employees. It’s important to recognize that teams are just as important as the strategy, and the strategy must include employee training. It’s expected that the company will have to pause some business operations to enable a proper training process – something that will pay off in the long run.

  • Understand the limits of technology.

Despite the value of the cybersecurity team, there has long been a misconception that one singular tool or product can get the job done. Though these tools can share meaningful data, analysts are responsible for interpreting that data and making all final decisions. Often, they report they are looking at too many systems or struggling with overly complex user experiences. Getting their feedback and cutting out extraneous tools or finding the right combination of tools can help solve these challenges.

It’s also important to recognize how much noise comes from outside security systems – Slack, WebEx, Outlook, Teams – and proceed thoughtfully when communicating with security workers. More technology won’t solve the issue, so listen to what the analysts have to say.

  • Recognize cybersecurity’s human side.

With technology as support, humans are the backbone of every cybersecurity program, and that’s often exhausting. Cyber threats don’t take summer vacations, but people need to – especially cybersecurity teams. Avoid cognitive overload by taking some time away from work altogether. Leaders should engage with their cybersecurity teams, encouraging them to take a breather and understanding their needs to help lessen the load where possible.

Offering employees the opportunity to have balance signals that the company has made the staff’s mental health a priority and helps them recognize when they are fast-approaching burnout. Time spent away can help make their daily tasks more fulfilling and, ultimately, this kind of culture helps build a shared understanding of why teams are there and what they need to accomplish.

Even with these strategies in place, security pros will always find working in cybersecurity challenging. The need for talent has steadily increased, threat actors are getting smarter, and cybersecurity experts will always need to keep adapting. That being said, it’s also a place where many find great fulfillment.

Most organizations walk a fine line between stressful and challenging, but there’s a lot they can do to ensure they stay firmly in the latter. At a time when cybersecurity talent has become more critical than ever, mitigating their stress – and the factors leading to burnout – must stay a priority. Start by focusing on cognitive overload: establish a cybersecurity plan, cut excess tooling and above all, listen to the analysts.

Mike Saxton, director, federal threat hunt and DFIR, Booz Allen Hamilton
