Security team analysts feeling the stress

Poor tooling is taking its toll on security analysts.

Over recent years, security and business leaders have had to modify their expectations of what effective cybersecurity can achieve. Long gone are the days when all resources were poured into protecting the corporate network perimeter. Thanks to widespread adoption of cloud infrastructure and services, BYOD and now mass remote working, that perimeter is far more fluid, flexible and porous.

Security operations centre (SOC) and IT security teams in Australia and New Zealand are suffering from high levels of stress outside of the working day—with alert overload a prime culprit.

According to the study, two thirds (66 per cent) of respondents say their home lives are being emotionally impacted by their work managing IT threat alerts.

This comes as three in five (60 per cent) feel their team is being overwhelmed by the volume of alerts and 43 per cent admit that they aren’t entirely confident in their ability to prioritise and respond to them. It’s no wonder therefore that teams are spending on average 26 per cent of their time dealing with false positives.

These findings are corroborated by a recent Forrester study, which found that security teams are heavily understaffed when it comes to incident response, even as they face more attacks. SOCs need a more effective method of detection and response, and XDR takes a dramatically different approach from other tools on the market today.

Outside of work, the high volumes of alerts leave many SOC managers unable to switch off or relax, and irritable with friends and family. Inside work, they cause individuals to turn off alerts (45 per cent do so occasionally or frequently), walk away from their computer (49 per cent), hope another team member will step in (57 per cent), or ignore what is coming in entirely (45 per cent).

“We’re used to cybersecurity being described in terms of people, process and technology”, said Dr. Victoria Baines, Cybersecurity Researcher and Author. “All too often, though, people are portrayed as a vulnerability rather than an asset, and technical defences are prioritised over human resilience. It’s high time we renewed our investment in our human security assets. That means looking after our colleagues and teams, and ensuring they have tools that allow them to focus on what humans do best.”

The bad news for SecOps managers is that this alert overload is having a material impact on the quality of life of their staff. About 70 per cent of respondents said they feel emotionally affected by their work.

Many claimed that they:

  • Are unable to relax due to stress
  • Find their downtime ruined by their inability to switch off
  • Are irritable with friends and family

Just 28 per cent of SOC teams said they are able to fully switch off and forget about work after clocking off.

The number of alerts flooding the SecOps team is so great that large numbers of respondents have said that they’ve frequently or occasionally:

  • Ignored alerts completely and worked on something else (40 per cent)
  • Walked away from the computer feeling overwhelmed (43 per cent)
  • Turned off alerts (43 per cent)
  • Just assumed an alert was a false positive (49 per cent)
  • Hoped another team member would step in to help (50 per cent)

Respondents admit to:

  • Ignoring alerts completely and working on something else (40 per cent)
  • Assuming alerts were false positives (43 per cent)
  • Hoping another team member would step in to help, or walking away from the computer (49 per cent)
  • Feeling overwhelmed (50 per cent)
  • Turning off alerts (43 per cent)

 

 

 
