Almost a third (29%) of IT professionals will be too busy to take time off during the holiday season this year – and of those that can, half (50%) will spend their time off worrying about work, according to new research conducted by Unified Security Management™ and crowd-sourced threat intelligence leader, AlienVault®.
The research, which surveyed 464 IT professionals globally about their working lives, demonstrates how a shortage of skilled IT professionals is creating stress and worry for those working in the sector. Over half (53%) believe that their colleagues are overworked and overstretched, and over a third (41%) report having unfilled vacancies in their teams for a month or more during the last year.
Javvad Malik, security advocate at AlienVault, explains: “The festive season has traditionally been a time when the vast majority of people take time off to spend with their families. But a combination of workplace pressures, the IT skills shortage, and our growing dependence on mobile computing is all forcing a cultural change for those working in IT.
“The tech sector has long had a reputation for being a high-stress field, where employees are decently compensated but are often overworked and held to strict standards by their supervisors. But the overall business reliance on technology is turning IT teams into an emergency service for many organizations – particularly during the holiday period, when customers may still be using online systems to conduct transactions.”
The findings are the latest evidence in a continuing trend of IT professionals working in challenging conditions. A 2015 research report by AlienVault, which surveyed the attitudes of over 600 IT professionals in how they were being treated at work, found that almost two-thirds (63%) had missed a wedding, funeral or similarly important family occasion in order to resolve a work issue. The vast majority of respondents (91%) also stated that they had come into work when sick to ensure that a project did not fail.
Cutting corners with IT security breaches
Another reason for IT teams suffering from stress at work could be that a fifth of respondents (21%) believe that when a security breach happens, those who work in IT teams are blamed.
But when it comes to reporting data breaches, an alarming number of IT professionals are cutting corners with security by trying to cover them up, rather than reporting them. While the majority (84%) said they would report a breach, even if it wasn’t mandatory, an alarming 14% said they would cover it up, provided it wasn’t related to regulated data. And even more worryingly, 2% said they would cover it up, even if the breach did include regulated data.
Javvad Malik explains: “A surprising number of IT teams are clearly willing to bend the rules in order to get their jobs done. As workloads get busier, they may not have the time to nitpick through every scenario. But this can be a dangerous path, because they could find themselves in the firing line when things go wrong.
“Anyone who tries to cover up a security breach is playing with fire, and with GDPR on the horizon, it is only a matter of time before they get burnt.”
Friends and bosses get away without following security procedures
Another troubling gap in workplace security is that IT professionals are allowing their friends and bosses to bypass security controls or IT processes for work purposes, such as copying data onto unapproved external media. Of those that admitted to this, the majority (54%) said that they would only turn a blind eye if the people involved were higher up than them in the organization, while the remainder (46%) would apply this principle to all situations, believing that sometimes you have to turn a blind eye to let people do their work.
Javvad Malik continues, “While the debate about Hillary Clinton’s use of a private email server continues, this survey shows that a considerable number of IT teams would turn a blind eye if their colleagues wanted to do something similar – particularly if the people involved were higher up than them in the organization. The truth is that many IT professionals simply don’t have the authority to question their superiors, so organizations that are serious about protecting their overall security need to think carefully about how they can empower IT teams in order to do their jobs effectively.”