A new survey has quantified the impact of the cybersecurity crisis on the SOC.
The survey, which polled nearly 500 SOC professionals, found that 71% of analysts experience some level of burnout.
Further, the survey found that reporting, monitoring and detecting are the tasks taking up the most time.
Breaking it down even more, here are the tasks that analysts say they spend the most time on:
- 46% spend the majority of their time on monitoring
- 38.2% spend the majority of their time on intrusion detection; 13.3% spend the majority on general detection
- 17.3% spend the majority of their time on phishing triage and response
- Incidentally, phishing triage and response is also the SOC's least favorite activity.
The main ways that SOC professionals would like to alleviate this are more automation and fewer false positives. Alerts are coming fast and furious. In a post-delivery system, when an alert is sent to the SOC it does not tell the security professionals that everything is fine and the attack was stopped. On the contrary, it tells them that their end-user was exposed to an attack and they need to investigate whether the end-user fell victim to it.
Consider this story. At one of our customers, which had us replace their email response API tool, an end-user received a phishing email from “IT” and, like most people, got a new-email notification on his phone. Although the email was quarantined, the notification was not (and cannot be). Aside from the bad user experience, that end-user reached out to IT support and asked them to send it again because he couldn’t find it. IT responded that they had not sent anything, assumed it was phishing and asked the end-user whether he had clicked the link. This was 24 hours after the email was delivered, so the end-user could not remember what he had done, and IT, as good security professionals should, reset his password just in case. It’s a story of everyone doing their job and acting responsibly. Well, everyone but the email security solution, which should have blocked the email before the inbox and saved everyone’s time.
The SOC is vital to keep organizations safe. Having them burn out is not a recipe for safety. Providing them with the right tools and resources to get the job done without making life miserable is essential.