This is the second blog in our State of SecOps series discussing critical insights from The 2020 State of Security Operations report from Forrester Consulting. In this blog, we’ll take a deeper dive into the top challenges facing today’s security operations center (SOC), including analyst burnout.
87% percent of today’s decision makers are extremely concerned about external cyber attacks targeting their organization according to The 2020 State of Security Operations study by Forrester Consulting. And they likely should be, given the study’s finding that:
Despite the substantial resources enterprises dedicate to cybersecurity, cybercriminals are too often winning the war – proving to be relentless, and growing more sophisticated and adept at breaching an organization’s data. The financial fallout of these attacks can be enormous. According to Forrester Research, the average data breach costs as much as $7 million per incident. And a report from Accenture and the Ponemon Institute revealed that cyberattacks cost businesses an average of $11.7 million each year, a 62% increase over five years. Security operations processes are not working – and they’re burning analysts out.
In this study commissioned by Palo Alto Networks, Forrester Consulting found that the average security operations team receives over 11,000 alerts per day. The vast majority of these alerts must be manually processed, which significantly slows down a company’s alert triage process. 77% of decision makers recognize the negative impact manual processes have on their analysts’ ability to mitigate and prevent attacks:
Security analysts are being asked to fight a fire with a garden hose. Only 47% of respondents say their organizations are able to tackle most or all of the security alerts they receive in a single day. The other 53% report struggling in several ways:
SOCs were already overwhelmed by attacks before the COVID-19 crisis emerged. The pandemic has thrown gas on the fire, giving cybercriminals new opportunities to breach organizations. Meanwhile, SOC analysts are taking on new tasks in their struggle to support a growing mobile workforce. One FBI spokesperson was quoted as saying that cybersecurity complaints to the Bureau’s Internet Crime Complaint Center have spiked by 200-300% since the pandemic began. Gartner has indicated that responding to COVID-19 remains the biggest challenge facing most SOCs in 2020.
The increasing pressure on security analysts to protect their organizations against cyberattacks is taking its toll. They are working longer hours, taking on additional pressures and reporting higher levels of stress. According to Forrester Consulting:
These highly skilled first responders are burning out. It’s becoming very personal for them, and that too poses a risk to organizations. A recent survey of over 3,000 CISOs and senior cybersecurity decision makers shows that almost two-thirds of cybersecurity professionals have considered quitting their jobs (64%) or leaving the industry altogether (63%). And 76% of cybersecurity leaders already believe there is a shortage of cybersecurity skills in their company.
The International Information System Security Certification Consortium (ISC)² says the demand for skilled security professionals is one of the biggest challenges facing the cybersecurity industry today, with 2.93 million positions open around the world. And it’s estimated that number will grow to an astounding 3.5 million by 2021. With an industry deficit of skilled security analysts, and with projections for that gap continuing to widen, companies can’t afford to lose the talent they already have.
To get in front of cyberattackers and empower security analysts to be effective, organizations need to find ways to reduce the burdens of manual work on their analysts with more holistic and intelligent deployments of analytics and automation. Watch for our third blog in this series, where we’ll take a deeper dive into the impact of security complexity on business outcomes, and explore opportunities and best practices for optimizing your SOC.