Burnout risk threatens cyber defense readiness

Adam Meyers is still recovering from COVID and hasn’t slept much this week as he and his team at cybersecurity firm CrowdStrike work around the clock to monitor and defend private sector and government clients against potential new threats from Russia. 

Why it matters: U.S. ability to detect, monitor and defend systems against direct attacks or fallout from cyberattacks may be compromised by potential burnout of cybersecurity workers. 

The big picture: Cybersecurity experts have already had to deal with years of increased large-scale attacks while facing the same physical, mental and emotional challenges as the rest of the global workforce during the health crisis. 

• Being in a prolonged period of high state alert where people are constantly trying to react and respond to incidents may lead to people being worn down and making mistakes, Meyers, SVP of intelligence, tells Axios.
• "If you're a bad guy and you target an organization and cause those defenders to constantly get worn down ... that's a long game strategy that may result in degrading their ability to respond."

What they're saying: "You're literally the only person that's ever expressed any concern about the people that are working on this," Meyers told Axios.

• "I have over 70 people that have been burning the candle on both ends for the better part of six weeks now because of this situation."
• For smaller organizations, the issue may become even more acute, says Luke McNamara, principal analyst with cybersecurity company Mandiant.
• "You may have [only] one individual ... so that's a tremendous load."

State of play: While it's hard for experts to say exactly how and what a direct cyberattack on a U.S. company or agency might look like, the consensus, largely, is that the threat level is low for the moment, but the situation is changing continuously.

• "What we're seeing so far is pretty tame," says Josephine Wolff, associate professor of cybersecurity policy at The Fletcher School at Tufts University.

• Spreading of disinformation and cyber espionage have been constant, and not just from Russia, McNamara says.
• "What we're always looking for is any sort of notable changes in the threat activity," he adds.

Threats to watch: The concern anytime you see espionage is how that activity might be further leveraged for something more destructive.

• Specifically, cybersecurity analysts are looking at where sanctions are going — think finance and energy — because that's where there may be signs of retaliatory targeting by Russian "threat actors," according to McNamara.

The bottom line: "There's no shortage of crises that are happening when it comes to cyberthreats," he says.

• Just this morning, Meyers reminded his team to "get some sleep, exercise, whatever — to be in fighting shape. And some of them refuse because there's a sense of mission."