At the IT Security Guru we’re showcasing organisations that are passionate about making cybersecurity a healthier, more mindful industry. This week, Johan Dreyer, Field CTO, EMEA, at Mimecast, tells the Gurus about burnout, leading by example, and the future of cybersecurity.
Johan Dreyer has been working across the IT Infrastructure, Messaging and Security industry for over two decades. In that time he’s become recognised as a trusted advisor to many organisations seeking guidance on the rapidly evolving landscape of IT security. Crucially, he’s noticed burnout increase among professionals. Dreyer notes: “It is widespread across the cybersecurity profession. Year on year, there are more attacks and more sophisticated approaches taken by cybercriminals. Our teams and our budgets are growing, but perhaps not keeping pace. And our teams are under a lot of pressure to continue to keep their organisations safe from attacks.”
“It’s a big challenge to try and deal with, across the board – and that’s whether you work in the vendor world, where organisations are charged with the objective to help keep customers safe, or if you’re part of an IT security team, who’s charged to keep their own organisations and employees safe from cyberattack.”
Crucially, Dreyer admits, it’s important for leaders to lead by example and take wellbeing, mental health, and burnout seriously.
Dreyer continues: “The culture of an organisation is often the result of the level of influence and role modelling that comes from leadership. So if you’ve got a board and executives who are invested in the wellbeing of themselves, as well as their staff and their organisation, that will become part of the culture and they will make time to invest in things like Employee Assistance programmes, in wellness seminars, in various other social activities, that help to break up and recognise the pressures that have been placed on staff and employees by operations and work.”
For Mimecast, their aim, generally, is to help protect people, protect data, and protect communications for companies. In terms of their product, they provide tools and technology that can be implemented to detect, prevent, and respond to cyberattacks through email generators and/or emails. Importantly, Mimecast invest time and money into their Employee Assistance programme, which helps anyone who is feeling overwhelmed or under pressure to speak to an independent third party for professional help.
When it comes to cyberattacks or cyber related incidents, there is a prevalent ‘blame culture’. Naturally, when something goes wrong, people look for the causes and, if not handled sensitively, a culture of blame can run rife throughout an organisation. As a result, when a mistake happens, an employee may feel less compelled to come forward and own up.
Dreyer adds: “Let’s consider the source of a blame culture. It comes from a sense of shame and a lack of openness. I think, first and foremost, it’s important to promote an environment where we’re encouraged to speak up, where we’re encouraged to support one another, and we’re encouraged to ask for help.”
The Mimecast State of Ransomware Readiness 2022 report revealed that 58% of professionals say that their role is getting more stressful each year and, additionally, that, in the next year, 42% of professionals are considering leaving their role in the next two years due to stress and burnout.
About the report’s findings and the general increase in ransomware attacks, Dreyer notes: “We’ve got to be concerned about the welfare of our teams. We’ve got to be putting systems in place that measure organisational resilience, especially in terms of how prepared our organisations are. We must ask: What are the scenarios that could happen? How do we run through these scenarios when they do happen? And could we present an argument that says we had prepared adequately? If we’re able to do all of that, it’s not going to take the pressure off, but it might ease some of the burden that our individuals and teams feel.”
But what about the future of cybersecurity if nothing changes?
“I don’t think there is a future of cybersecurity if nothing changes, because there isn’t a model where nothing can change. The adversaries will always come up with new ways, new tools and new approaches to get to achieving their end goal or their target. So long as the defences that we’ve got in place stay where they are or improve slightly, there’s going to be potential friction in achieving those targets and goals for adversaries.”
“There is no state where nothing changes, and therefore stays the same. What we can say for certainty is that adversaries will continue to evolve their techniques, tactics and procedures. Equally, for the cybersecurity world, as cybersecurity vendors, organisations, and as customers, we’re going to innovate at the same time to be able to respond to and detect and block these attacks and help keep organisations safe.”
In terms of advice for avoiding burnout, Dreyer emphasises: “The airline analogy comes out front and centre. Put the safety mask on yourself before you help others.”
Do you know an organisation that’s doing incredible things for employee wellbeing? Email us at [email protected].
