SOC Stress: The Security Threat That Nobody is Talking About
Stress and burnout is emerging as perhaps the biggest threat to corporate security. Long hours, alert overload, and a lack of visibility into their IT infrastructure have many security professionals reconsidering their chosen careers.
This is contributing to a massive cybersecurity skills shortage that is creating real security threats at companies across the globe. There are close to three million open and unfilled cyber vacancies around the world. Meanwhile, a majority of organizations cite a “problematic shortage” of cyber skills, and a new report from the Ponemon Institute has found that 65% of IT and security professionals are considering quitting due to burnout.
Reports like these should serve as bright red warning lights to everyone in a company, from Board members and CEOs down to Security Operations Center (SOC) managers. Everyone needs to take a strategic approach to addressing the problems emanating from the burnout brain drain. Without the right personnel, organizations can’t deploy the right resources, controls, and processes to prevent and mitigate attacks.
In short, they’ll be even more vulnerable than they are right now. That can’t happen. Organizations need to proactively tackle SOC stress. Here’s how.
Understand the causes
In an interview with Dark Reading, Julian Waits, general manager for security analytics firm Devo, which sponsored the Ponemon study, says the incomplete visibility into systems and threats is a major issue. Waits said that: "Going to work each day and knowing you've been compromised” can be enormously stressful for security professionals, but that “knowing” is compounded by the fact that most do not know how their organizations have been compromised.
Take the Neiman Marcus data breach during the busy 2014 holiday season, for example. The attack that compromised more than 1.1 million debit and credit cards set off about 60,000 alerts in the retailer’s SOC during the three-and-a-half month attack. This represented around 1% or less of the daily entries on protection logs. Unless the SOC knew what type of alert to look for, it would be a miracle for them to find it.
Know that money isn’t enough
In the face of growing threats, higher fines for breaches, and increased competition for cybersecurity talent, CEOs are throwing more and more money at relieving the knock-on effects of burnout in the SOC. And, in a red-hot job market, security pros can name their price. It’s not unusual for CISOs to command as much as $6.5 million in salary and profit sharing, with many jumping from job to job to attain that level of compensation.
Despite this investment, less than one-third of the security budget of most organizations is used for the Security Operations Center. This lack of adequate funding, combined with employee burnout, has a real impact on the efficacy of the SOC. Ponemon finds that over half of IT and security professionals consider their SOC ineffectual.
Lacking visibility into their IT networks, security professionals in the SOC continue to play a game of whack a mole. Constantly reacting to the next threat, yet never reaching the finish line. It can sometimes feel like a kid’s soccer game – instead of playing defined positions and following a strategic playbook, everyone is just running around chasing the ball.
As Waits also said in that Dark Reading article, "What's disturbing to me is analysts spend so much time chasing things but the least amount of time thinking strategically.”
Create a roadmap supported by automation
Burnout, scarce security resources, and the threat of digital breaches can’t be solved by dollars alone. Companies must find a way to approach security strategically and give the SOC a roadmap to follow so they’re not constantly guessing where the next attack is coming from. This will also ensure that security operations teams recognize that their leadership has their back, should a cyber attack occur.
This begins with understanding the risk vectors that security managers need to worry about most, such as third party risk (where 59% of breaches originate), mobile application security, endpoint security, and so on. With real-time visibility into first- and third-party risk and vulnerabilities, CISOs and executives can quickly identify the vectors that represent the greatest threat to their businesses and begin to align their SOCs and security procedures to business outcomes.
Automation can also help reduce burnout in the SOC. Automated workflows and security processes enable CISOs to better utilize the skills and people they already have. Repetitive tasks such as continuous cybersecurity monitoring functions, for example, are prime candidates for automation, and can reduce cyber risks while freeing teams to learn new cyber skills and focus on more strategic tasks – all of which can improve job satisfaction and retention rates.
Develop a playbook for success
The role of the security professional will always be a high pressure one. He or she is inquisitive, compelled to solve problems, quick thinking, inventive, and persistent – pressure is part of the job.
But burnout and a compulsion to quit due to stress are serious problems that threaten the entire organization’s security posture and need to be managed at the leadership level. With insight into where the true security problem lies and a playbook for mitigating those risks, organizations can relieve pressure on the SOC, put an end to burnout, and bolster their cybersecurity postures.