Wave Systems Corp. (fka WAVXQ)

[Genz2]

Impact of Stress and Burnout Worsens for CISOs

https://www.infosecurity-magazine.com/news-features/impacts-stress-burnout-cisos?utm_source=twitterfeed&utm_medium=twitter

The role of the CISO is one rife with challenges. Ultimately responsible for protecting an organization’s data, they must overcome issues such as an ever-evolving threat landscape, a widening attack surface, resources management and business alignment. It goes without saying that, whilst a CISO’s job can prove exciting and rewarding, it can come with high levels of stress and feelings of burnout.

Evidence of high stress levels in CISO/security leadership roles has been plentiful. In April 2019, research from Symantec revealed that 82% of IT security leaders across Europe were suffering from mental and physical burnout, with nearly two-thirds thinking about leaving their job (64%) or quitting the industry altogether (63%) as a result.

Earlier in the year, a report from Nominet discovered that 27% of CISOs felt stress was impacting their mental or physical health, with 23% saying the role was damaging their personal relationships. What’s more, 17% admitted they had turned to medication or alcohol to deal with workplace stress.

In fact, Infosecurity explored the issue of dealing with stress in information security job roles as far back as 2015.

What’s clear is that stress and burnout within security leadership occupations has been prevalent for some time, but new research from Nominet has revealed that the problem is continuing to intensify.

The firm surveyed 400 CISOs and 400 C-suite executives in the UK and US on the challenges of the CISO role and compiled it’s findings into The CISO Stress Report: Life Inside the Perimeter, One Year On. This research expanded on Nominet’s report from a year earlier and looked deeper into the causes and impact of stress on CISOs.

The research found that the vast majority of CISOs (88%) remain moderately or tremendously stressed, and although this marked a slight decrease from 91% in 2019, stress appears to be taking a greater toll on CISOs’ lives.

For example, 48% of CISOs said work stress has had a detrimental impact on their mental health, almost twice as high as last year, whilst 31% reported that stress had impacted their physical health. What’s more, 40% of CISOs admitted that stress levels had affected their relationships with their families, with just under a third (32%) stating it had repercussions on their marriage, romantic relationships and personal friendships (up from 23%). In terms of coping mechanisms, the number of CISOs turning to mediation or alcohol as a result of stress has increased to 23%.

Almost three-quarters (71%) of CISOs said their work-life balance was heavily weighted towards work, with 95% working more than their weekly contracted hours (something that 87% of CISOs felt compelled to do by their organization). As many as 83% of CISOs admitted to spending half their evenings and weekends thinking about work, with just 2% always able to switch off from work outside of the office. Interestingly, almost all surveyed CISOs (90%) would opt for a pay cut if it improved their work-life balance.

However, it’s not just CISOs themselves suffering more from stress. Nominet’s report also discovered that 31% of CISOs (a 2% increase on last year) feel the impact of stress has affected their ability to do their job. This could be having negative impacts on organizations as a whole, not to mention exacerbating the fact that the average tenure of a CISO is just over two years.

Speaking to Infosecurity, Stuart Reed, VP of cyber at Nominet, said that there are inescapable elements of a CISO’s job that, by nature, make it a high-pressured role.

“In many cases, the pressures of the CISO role are being exacerbated into stress by internal organizational factors. On top of their day-to-day job, CISOs are facing poor work-life balances, they are missing family events and milestones, they fear losing their jobs and, in almost 100% of cases, the board is expecting them to deliver more. While the remit of the CISO will remain a constant, these factors could be controlled better.”

Dr Dimitrios Tsivrikos, lecturer in Consumer and Business Psychology, University College London, concurred: “While there have been positive steps in mental health and stress-related issues, the essence of tackling these issues has not received as much attention as needed. We do anticipate that stress levels will continue to rise until we address the issue of stress, mental health and wellbeing at work.”

So what must be done to do exactly that? For Reed, the responsibility for and ability to reduce the stress load on CISOs lies largely with the board.

“One of the key findings of the report was that, while boards were cognizant of the stress faced by their security teams, they were doing little to address the issue. If boards want their organization to be effectively protected, they need to reduce the stress being placed on the CISO – otherwise they risk it leading to burnout. Urgent red flag issues that need to be addressed are CISOs being expected to work overtime, CISOs feeling like their job is on the line in the case of a security breach and, most importantly, a lack of support for mental health problems. The board can address all of these areas. Doing so will significantly reduce the internal pressures on the CISO and foster a healthier working environment.”

Reed also told Infosecurity that, to help CISOs recognize and gauge their stress levels, Nominet has (today) launched the CISO Stress Calculator, or ‘Stressulator.’

“We created the CISO Stressulator off the back of the dedicated research report,” he explained. “We used the key findings from the report to identify areas where CISOs felt particularly stressed. While it is not a scientific assessment of how stressed a CISO might be, it should give an indication as to where they sit on the scale. Our aim with the CISO Stessulator is to generate awareness around the issue of CISO stress.”

By raising the issue of CISO stress, Reed concluded, “we hope that wellbeing will be taken more seriously.”

Infosecurity will be exploring strategies for combatting burnout and stress in security leadership roles in a live session as part of its next Online Summit, taking place on March 25 and 26 2020. Find out more and register for the event here.
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Secure device & user authentication

Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.

Here’s how it works:

Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication

Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.

Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
https://www.wavesys.com/wave-alternative

The IT perimeter is gone

With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.

It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.

You have to start with the device

Wave has an alternative: security that’s built into each and every device.

We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.

We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.

Security that’s confirmed, not assumed

With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.

A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.

Do we need to say that with Wave, compliance is no problem?

Start closing your security gaps today, with what you’ve got

You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.

It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.

Questions? Read on, or contact our sales department.
=================================================================
If CISOs read the data in the two links above, they could have a much better stress level to deal with in the future if they then used Wave solutions!!! Wave solutions could also dramatically impact organizations' stress levels for the better!!!