Deputy editor Benjamin David argues that we must ensure we protect our mental health from cyber-attackers
Anyone familiar with Infosecurity Magazine knows that the start of the year is an exciting and crucial time for us. The sheer abundance of written material on emerging technology and cyber-attacks allows the editorial team to prognosticate the year to come and reflect on the year that just passed. As readers will likely know by now, all of my previous parting shots have been unapologetically tech-focused. So, unsurprisingly, when I sat in front of my laptop to write this column, it felt like another opportunity to opine on all things tech. Yet, this edition feels strangely different from previous ones, given recent events in the industry. So much so that my ‘way of doing things’ must be rewritten; sometimes you have to take stock of what matters most in the industry – the people.
The somber passing of Dark Reading’s editor-in-chief and stalwart, Tim Wilson, impacted the cybersecurity industry across the globe. Tim served as the leader, visionary and heart and soul of Dark Reading, a publication he co-founded on May 1 2006. Our own editorial director, Eleanor Dallaway, was so saddened by Tim’s untimely passing that she dedicates this edition of Infosecurity Magazine to Tim and their 14 years of friendship.
Since getting involved in information security a few years ago, I’ve seen a gradual shift in the industry that progressively spotlights the human within an ardently tech-laden world. Fortunately, Infosecurity Magazine is no stranger to commenting on those more human sides of the industry, frequently reporting on the issues of community, diversity, the cyber skills gap, etc. Yet, even though this edition focuses on discernable tech-related topics from the metaverse to smart cities, this magazine feels very different from previous editions in which I’ve been fortunate enough to be involved. This is because our Q1 magazine considers neurodiversity and physical disability and the importance of humanizing cybersecurity.
As more reports are released detailing the havoc cyber-attacks reaped globally in 2021, it is the afflictive stories I’ve edited here at Infosecurity that stand out in my mind. Last year, we reported the agonizing news that a hospital ransomware attack likely caused a baby’s death by shutting down the heart rate display. Also, the Ponemon Institute Research Report: The Impact of Ransomware on Healthcare During COVID-19 and Beyond revealed that almost a quarter of healthcare organizations hit with a ransomware attack in the last two years said patient death rates increased in the aftermath. The painful reality is that cyber-attacks have evolved: they are still costly and disruptive, but they are now also lethal.
"The painful reality is that cyber-attacks have evolved: they are still costly and disruptive, but they are now also lethal"
In the spirit of focusing on the people in the industry, an overarching concern I want to covey is that amidst the attention-grabbing headlines of colossal supply-chain attacks and exorbitant ransomware demands, there are considerable psychological challenges associated with cyber-attacks.
According to a recent survey by the non-profit Identity Theft Resource Center, 86% of identity theft victims reported feeling worried, angry and frustrated. Approximately 70% felt unsafe and suffered trust issues. More than two-thirds reported feelings of powerlessness or helplessness. In addition, sadness or depression afflicted 59% of victims and approximately half reported losing interest in activities or hobbies they once enjoyed. The survey also revealed that victims of cyber-attacks often wrestle with feelings of vulnerability, experiencing lethargy and disturbed sleep. Oftentimes, people self-medicate with alcohol, drugs or food. Worryingly, the consequences can be more severe, with high levels of depression and anxiety, even post-traumatic stress disorder.
This should be disconcerting to everyone, whether in the industry or outside of it, especially given the parlous threat landscape. Consider the fact that 2021 saw the highest average cost of a data breach in 17 years, with the cost rising from US$3.86m to US$4.24m on an annual basis, according to IBM’s Cost of a Data Breach Report 2021. The shift to remote working due to COVID-19 directly impacted the cost of data breaches. For example, according to the same report, the average cost of a data breach was US$1.07m higher when remote working was a factor in causing the breach.
Fortunately, taking stock of our mental health need not be a Herculean task. Whether cyber professionals or the general public – we shouldn’t hesitate to seek professional help if we find ourselves experiencing increased psychological distress from cyber-related issues. Realize they are often normal reactions and that you are not alone. However, there is a shift in the industry, with cybersecurity increasingly highlighting the importance of mental health. Indeed, major cybersecurity conferences and publications like ours have put mental health rightfully in the limelight.
This year may present further cyber-related fatalities and considerable mental health distress. While governments, vendors and other organizations work hard to stem the attacker tide, it’s incumbent on the rest of us to ensure we protect our mental health from cyber-attackers and other cyber-related woes. ‘Prevention, detection and remediation’ need not be limited to technology. While 2022 will surely be a challenging year, by ensuring that the industry duly prioritizes the people within it, there’s every possibility that we can weather the storm.