The National Cyber Security Centre (NCSC) – a part of the UK Government agency GCHQ – has issued advice on how organisations can avoid cyber staff burnout during an extended period of heightened cyber threat. Burnout was a topic discussed at the recent Infosecurity Europe show in London, and will feature in the August print edition of Professional Security magazine.
Paul Maddinson, NCSC Director for National Resilience and Strategy, said: “From the start of the conflict in Ukraine, we have been asking organisations to strengthen their cyber defences to help keep the UK secure, and many have done so. But it’s now clear that we’re in this for the long haul and it’s vital that organisations support their staff through this demanding period of heightened cyber threat.
“We have produced new guidance to help organisations do this, and I would encourage them to follow our advice to help sustain their strengthened cyber posture.”
As the NCSC points out, increased workloads for cyber staff over an extended period can harm well-being and lead to lower productivity, with a potential rise in unsafe behaviours or errors. The recommended actions in the guidance include:
– Getting the basics right by following the NCSC’s ‘actions to take when the cyber threat is heightened’ guidance;
– Revisiting risk-based decisions taken during the initial phase of heightened threat;
– Empowering cyber staff to make day-to-day decisions about the threat response without requiring additional oversight;
– Ensuring workloads are spread evenly across individuals and teams and that frontline cyber staff can take breaks to recharge;
– And accelerating planned action to harden networks and boost defence capabilities.
See also the NCSC’s blog post, by Dr Marsha Quallo-Wright, Deputy Director for Private Sector CNI – https://www.ncsc.gov.uk/blog-post/preparing-the-long-haul-the-cyber-threat-from-russia.
John Davis, Director UK & Ireland at the training body SANS Institute, EMEA, said that the NCSC’s warning of the threat of Russian cyber-attacks serves as a reminder of the importance of digital hygiene. “Cybersecurity is not just a tick-box exercise – the stakes are too high. For public and private organisations handling data, leaders need to be reticent of threats to communication streams and the ways cybercriminals will steal information.
“The bottom line is that the ongoing war between Ukraine and Russia has international consequences, which is why boosting digital fortification is vital. Cybersecurity 101s for companies include getting the right skills and training arranged for employees at all levels. Training is the number one form of defence to block threats at the door.
“With cyber training, being wary of phishing attempts operating through fake emails and messages is critical. Alongside scam awareness, one of the best methods of protection is regularly updating passwords and ensuring they are unique and long, and Multi-Factor Authentication (MFA) can also add an extra layer of defence here. Keeping devices and apps updated also helps patch over new vulnerabilities that cyber criminals might be looking to exploit.”