This is the second blog in our State of SecOps series discussing critical insights from The 2020 State of Security Operations report from Forrester Consulting. In this blog, we’ll take a deeper dive into the top challenges facing today’s security operations center (SOC), including analyst burnout.
87% of today’s decision makers are extremely concerned about external cyberattacks targeting their organization, according to The 2020 State of Security Operations study by Forrester Consulting. And they likely should be, given the study’s findings:
- 79% of respondents have experienced a cyber breach within the past year, and 50% in just the last six months.
- 28% of all alerts are never addressed by analysts.
Despite the substantial resources enterprises dedicate to cybersecurity, cybercriminals are too often winning the war. They are relentless, and they are growing more sophisticated and adept at breaching an organization’s data. The financial fallout of these attacks can be enormous. According to Forrester Research, the average data breach costs as much as $7 million per incident. And a report from Accenture and the Ponemon Institute revealed that cyberattacks cost businesses an average of $11.7 million each year, a 62% increase over five years. Security operations processes are not working, and they’re burning analysts out.
Siloed Data and Manual Processes Are the Killers of SOC Productivity
In this study commissioned by Palo Alto Networks, Forrester Consulting found that the average security operations team receives over 11,000 alerts per day. The vast majority of these alerts must be processed manually, which significantly slows down a company’s alert triage. 77% of decision makers recognize the negative impact manual processes have on their analysts’ ability to mitigate and prevent attacks:
- The majority of an analyst’s time, almost 70%, is spent on investigating, triaging or responding to alerts.
- Less than one-third of their time is spent on threat hunting, where analyst expertise really makes an impact, and on process improvements that increase security efficiency and effectiveness.
SOCs Can’t Keep Up
Security analysts are being asked to fight a fire with a garden hose. Only 47% of respondents say their organizations are able to tackle most or all of the security alerts they receive in a single day. The remaining 53% report struggling, and the study’s alert-handling numbers show why:
- 20% of alerts are manually reviewed/triaged by an analyst.
- Almost one-third of all alerts are false positives.
- Perhaps most alarming, as noted at the beginning of this blog: 28% of alerts are never addressed by analysts, because the volume is simply too high for them to keep up.
SOCs were already overwhelmed by attacks before the COVID-19 crisis emerged. The pandemic has thrown gas on the fire, giving cybercriminals new opportunities to breach organizations. Meanwhile, SOC analysts are taking on new tasks as they struggle to support a growing remote and mobile workforce. One FBI spokesperson was quoted as saying that cybersecurity complaints to the Bureau’s Internet Crime Complaint Center have spiked by 200-300% since the pandemic began. Gartner has indicated that responding to COVID-19 remains the biggest challenge facing most SOCs in 2020.
Security Analysts Are Burning Out
The increasing pressure on security analysts to protect their organizations against cyberattacks is taking its toll. They are working longer hours, shouldering additional responsibilities and reporting higher levels of stress. According to Forrester Consulting:
- 96% of analysts say they feel significant personal impact after cybersecurity breaches.
- Over one-third of respondents report feeling anguish and losing sleep as a result of attacks.
These highly skilled first responders are burning out. It’s becoming very personal for them, and that too poses a risk to organizations. A recent survey of over 3,000 CISOs and senior cybersecurity decision makers shows that almost two-thirds of cybersecurity professionals have considered quitting their jobs (64%) or leaving the industry altogether (63%). And 76% of cybersecurity leaders already believe there is a shortage of cybersecurity skills in their own company.
The International Information System Security Certification Consortium, (ISC)², says the demand for skilled security professionals is one of the biggest challenges facing the cybersecurity industry today, with 2.93 million positions open around the world. Separately, that number is estimated to grow to an astounding 3.5 million by 2021. With an industry-wide deficit of skilled security analysts, and with projections that the gap will keep widening, companies can’t afford to lose the talent they already have.
Take a New Approach to Cybersecurity
To get in front of cyberattackers and empower security analysts to be effective, organizations need to reduce the burden of manual work on their analysts through more holistic and intelligent use of analytics and automation. Watch for our third blog in this series, where we’ll take a deeper dive into the impact of security complexity on business outcomes, and explore opportunities and best practices for optimizing your SOC.