This article first ran in Security Magazine on 17 August 2022.
Burnout is rampant in IT, with 2 in 5 professionals at high risk, according to the State of Burnout in Tech Report 2022. Managed Service Providers (MSPs) are acutely affected by the factors driving IT burnout. Cybersecurity is arguably the biggest of those factors, with one survey finding that up to 95% of cybersecurity professionals are “experiencing factors that make them more likely to resign in the next 12 months”.
Not Just Workers Are Burned Out
MSP Owners are also getting burnt out. One such owner turned to Reddit to voice their frustration. “It was just a few years ago when I couldn’t wait for Monday,” they said. “These days it’s a different story.”
They pointed out the stress caused by cybersecurity FUD (fear, uncertainty, and doubt).“Icing on the cake is our insurance agent is always scaring me half to death with all the stories about MSPs getting sued because they didn’t install every latest and greatest cybersecurity solution for their client.”
Security Is ‘the Big One’ in MSP Burnout
Burnout might have reached peak public attention during the pandemic, but it hasn’t gone away. IT workers cite constantly being on call, excessive workloads, feeling a lack of control, and a lack of adequate intrinsic or extrinsic rewards as the main factors leading to burnout. In all of these aspects, cybersecurity outdoes itself.
Firstly, the consequences of failure in security are stress-inducing. The potential legal, financial, and, reputational damages can be far-reaching. Anyone who has lived through incident management following a serious breach or ransomware attack can tell you that it can be days of very little sleep and some of the highest stress levels you can experience. An unexpected alert can mean dropping whatever you are doing to start remediation.
Cybersecurity can be significantly more complex than other IT services. Many tools are complex, not intuitive, and clamor for attention with endless false alerts. Amid all the vendor over-sell, it can be hard to discern between what’s providing value and what’s just hype.
Cybersecurity is a marathon, not a sprint. Often operators need to jump between multiple screens and spend time prioritizing and researching every alert. If an operator runs this race to perfection their work goes unnoticed, while failure can be public and devastating.
Relieving MSP Burnout – With Cybersecurity
As much as cybersecurity is emblematic of MSP Burnout, it can also provide relief. Here are a few ways to fight fire with fire.
Consolidate your offering. Some opportunities will deliver minuscule upsides while demanding lots of time and initial investment. Delivering every latest-and-greatest cybersecurity tool is incredibly taxing. Monitor the time you are spending on each tool and the value that it is delivering. One way you can do that is by looking at the number of compromises that the security system is producing and how that number changes over time. If you can’t measure your cybersecurity system, you can’t improve it.
Set security expectations for your clients. Set a baseline of what you expect your client to do to keep themselves safe, and if necessary provide training on it. Here’s an example of a baseline that an MSP sets for their clients.
Look for security solutions that provide a multi-view. Many cybersecurity solutions are built for enterprises and not with MSPs in mind. MSPs need to be able to see what’s happening at all of their clients from a single screen. Screen fatigue is common in IT, but portal fatigue at MSPs is to be reckoned with. Look for tools that integrate with your existing IT service management solution. The more data on the ticket, the better.
Take advantage of automation. Repetitive tasks can be automated away, but automating incident remediation can save a lot of stress. You can gain peace of mind by setting up your system so that any incoming attack is immediately blocked. For example, contact with a known bad location never ends well, so blocking that access is obvious and lends itself to automation. That means that operators can spend more time with their families before managing the mitigation of the threat during business hours.
Take Advantage of Technology
Cybersecurity is guilty of some of the worst trends in IT. Complexity, high stakes, and excessive support demands make it one of the leading causes of MSP burnout. Despite advances, the work of cybersecurity professionals is only getting harder. I can only urge you to take advantage of those technologies and vendors that seek to reverse the trend.
At Lumu we recognize the unique challenges faced by MSPs. That’s why we built Lumu for MSPs to help them control the impact of cybercrime at SMBs with real-time detection of compromises and integrations for remediation optimized for maximum operational efficiency that junior staff can operate and get to ground truth quickly—all from a single pane of glass.