In honour of Mental Health Week, we wanted to post about this very important subject.  You probably think there is no connection between cybersecurity and mental health but you might be surprised! Our mental state affects our behaviour and impacts the way we perceive and process information. 
 
According to research findings from Cyber Bits Etc., "the current cyber threats are not so much a result of technological advances in adversarial analytics and adversarial AI, but, rather a product of sophisticated social engineering." Social engineering is often used by cybersecurity experts to describe "malicious activities accomplished through human interactions". These activities can include psychological or even behavioural science-inspired manipulations. Social engineering is a range of tricks, which adversaries are using to make us do something we ARE NOT supposed to do or to stop us from doing something we ARE supposed to do." This is where mental health comes into play.
Mental Health and Cybersecurity
 

Mental health issues range from relatively light to severe, but all of them may impact our ability to detect and anticipate cyber threats, and in many ways, determine our ability not only to become a victim of a cyberattack but also to cause serious damage to others through making risky decisions online.

Researchers from the University of Greenwich showed that under normal circumstances your chances of detecting a potential social engineering attack are over 70% which is quite high. Now, consider your propensity to detect the same potential attack if you are fatigued, stressed, feeling down or even depressed. Research does not tell us what the exact probability of, say, clicking on a malicious link in a phishing email would be, it is clear that the chances of you detecting a cyber threat under these circumstances will be significantly reduced.

A lot of the research on mental health has proven that even rather common mental health problems such as stress can impact our neural correlates, which, in turn, affect our memory. So even if we have been through the cybersecurity training, compliance training, and taken special courses on detecting social engineering, when we are stressed, we may have memory lapses that will cause us to click on wrong links! It can also make us forget to check the email origins (email addresses, where the emails we receive originate from) or reply to "obviously" fraudulent messages.

Unfortunately, in today's society the mental health-cybersecurity connection is often overlooked by businesses which tend to concentrate on technological solutions, avoiding the human side of the problem or believing that "zero trust" systems will "fix it all". The survival of every business to a significant extent depends on the ability of employees to effectively deal with a wide range of issues. They cannot effectively detect risks if they suffer from mental health issues (no matter how small or insignificant those issues might seem).

The COVID19 pandemic has increased our awareness of mental health. Many parents were faced with increased demands on their time due to changed childcare arrangements; some people did not have an opportunity to leave their houses or apartments, which affect their emotional state; working from home contributed to longer working days. Since the start of the pandemic, the number of cyber-attacks increased by 300%!!! So unless we do something about the mental health issues now and take them seriously we will continue seeing more and more social engineering attacks in the future.

It is always good to have a good balance in your life.  Think about your workload and take your mental health seriously. If you know that you are overworked or fatigued, take a break. Go for a walk to clear your head, mediate or take a nap of you're tired.  Remember that by doing so you not only help yourself, but you will become more aware of your surroundings and be able to deal with work stress better and ultimately help your company succeed. 

Mental Health Quote

Below is some great advice from one of our partner's blogs, Cisco, on how other techies handle their mental health.

Gary Hibberd | Professor of Communicating Cyber at Cyberfort Group

It’s no good saying, “Don’t answer emails on weekends,” when you yourself are sending emails on weekends! Encourage teams to take time away from their devices, short breaks in the day and holidays. But you must do the same. Lead by example.

Pierce Vasale | Networks Operation Manager

Get a daily walk in. It’s okay even if it’s inside your house, but you should try to go outside for fresh air as much as possible. The walk isn’t just about fresh air and exercise; it’s also a way to clear your mind. As you focus on the things you see outside, you shift your state so that you can eventually come back to your problems, worries, and concerns with a new mindset.

If life is becoming overwhelming, do what my 7-year-old does and take a deep breath; it won’t fix your problems, but it can pause the world for just a few seconds while you recover.

Helen Patton | Advisory CISO at Cisco

A trusting culture starts with authenticity from the most influential person in the group – the “leader.”  This person needs to lead by positive example as well as to be vulnerable, show fears and insecurities, and be human. No one can be 100% “on” all the time. A leader who shows their humanity shows those around them that it’s okay for them to be human, too.

Hunter Sekara | Lead Information Systems Security Officer at SiloSmashers

Allow time for yourself. Find a hobby or something you enjoy such as playing a sport, learning a musical instrument, hiking, or traveling. Doing something that you are passionate about can recharge your physical and emotional batteries.

Cybersecurity is a challenging and demanding industry. We are in the best position to win when employees are happy and engaged as well as when they have a proper work/life balance.

Zoë Rose | Regional and Supplier Information Security Lead at Canon EMEA

The best advice I received about life was from AJ Cook during #ILFest. The advice was to stop holding myself to such high standards. She told me to simply be 100% present instead. If you’re at home, be focused on home. If it’s work, be focused on work. Remove the guilt of feeling like you’re not doing enough. Just be there.

If we want to fix this problem right now, we must listen and take actions to fix our broken foundation together to reduce this threat to our industry and personal lives.

Klaus Agnoletti | Senior Security Architect

Learn mindfulness. Not only does it help to empty your head of stressful thoughts, but it can also help you to stay in balance. It’s important to make time, understand how you feel in yourself, and listen to your mind and body. If you become skilled in that, the chances of you overlooking that you are about to burn out reduce massively. There are some great apps out there that can help such as Calm and Headspace.

Matthew Olney | Director of Talos Threat Intelligence and Interdiction at Cisco

If you’re struggling, speaking to a mental health specialist is something I highly recommend. That person is trained to not only understand what you’re telling them but to also parse it out from the context through which you’re telling them, i.e., from a wounded state. They can extract details and quickly get to the root cause. They can also tell you the name of whatever issue it is you might be experiencing. As someone who’s gone through this process, I’ve found that getting the ‘name’ of that issue is very powerful. It means I have context. I can learn about it. I can be aware of it. And most importantly of all, I can take steps to manage and/or even resolve it.

If you struggle with your mental health and are interested in learning more about cybersecurity a Toronto-area not-for profit agency called Youth Employment Services (YES) that trains disadvantaged and vulnerable youth aged 15 to 29. is offering a cybersecurity course with paid training in conjunction with IBM. Graduates of the free 13-week course will receive an IBM Cybersecurity Analyst Professional Certificate.  You can learn more about the program here.

If you own a business and are overwhelmed with keeping your business secure let us help you.  Book your Complimentary Business Systems Assessment below!