A new report from the password manager vendor 1Password found that employee burnout presents a “severe, pervasive and multifaceted security risk.”
Workers in virtually every industry are reporting high levels of burnout, said researchers – potentially leading employees to let their guard down around security threats.
“Burned-out employees, we discovered, are often apathetic and lax about workplace security measures,” wrote the report authors.
“Perhaps most troubling, we found that cybersecurity professionals themselves report disproportionately high levels of burnout,” they added.
WHY IT MATTERS
Cyber experts have routinely pointed to the importance of employee training as part of a robust security framework.
But the new 1Password report suggests that training alone isn’t enough, particularly when staff members aren’t feeling engaged.
The report drew on survey results from 2,500 North American adults whose work is conducted primarily at a computer.
It found that one in three workers say burnout is affecting their initiative and motivation levels – and that sentiment may be posing a critical threat.
For example, three times as many burned-out employees as their counterparts say security policies “aren’t worth the hassle.”
Burned-out employees are more likely to create, download or use apps at work without the IT department’s permission and to use easy passwords they won’t forget. Many also say it’s unrealistic for companies to manage all apps and devices used by workers.
Alarmingly, security professionals are reporting even higher rates of burnout – and nearly a third say they’re looking for new jobs or are about to quit.
“Security professionals were more likely than other types of workers to say they work around their company’s policies because they are trying to solve their own IT problems themselves … or because they hate the software their company provides,” noted report authors.
At the same time, phishing remained a top concern among many security professionals, in addition to ransomware.
“With all of the heat on ransomware gangs right now, we may see a decline in sophisticated attacks against large organizations – and a focus on breaching the security of small to medium-sized businesses, as they tend to have fewer defenses,” said John Donovan, chief information security officer at the anti-malware software company MalwareBytes, in the report.
THE LARGER TREND
The report draws an interesting connection between two major issues in the healthcare industry: cybersecurity threats and burnout.
It’s no secret that attacks on hospitals and health systems have been ramping up during the COVID-19 pandemic, especially where ransomware is concerned.
At the same time, …….