On the frontline: Revealing the personal and professional challenges facing SecOps teams
It’s easy to forget that cybersecurity is fundamentally about people. Attacks are launched by threat actors, phishing emails are opened by employees, and it is your SecOps team that triages, detects, and responds to increasing volumes of these threats. As good as technology systems are, we haven’t reached a point where this defensive work can be automated. So, what happens when your most precious resource, your security team, feels overwhelmed by their workload?
According to new research from Trend Micro, it’s a question that an increasing number of organizations are facing, but few have an answer to. The reality is that under pressure, SecOps teams need better tools to correlate and prioritize alerts, so they can work more efficiently.
On the back foot
Trend Micro’s global study is based on interviews with 2,303 IT security decision-makers in 21 regions working in organizations of all sizes. We found that in Canada, seven in 10 of them are already dealing with a breach or expecting one within the year.
It’s not hard to see why. Today it’s a case of when, not if, your organization is breached. It’s simply too easy for attackers to phish, crack or buy employee credentials off the dark web. Once inside, they can use legitimate tools to move laterally across corporate networks without being spotted. They have a ready-made underground market on which to sell stolen data. And the affiliate ransomware sector is thriving: we detected a 34 per cent year-on-year increase in new ransomware families in 2020.
At the same time, SecOps teams are under-resourced, and many may still be working from home, with all the distractions that entails. The daily threat of major breach-related financial and reputational damage hanging over their work is immense.
Taking its toll
Over the years, organizations have amassed a large number of point products to deal with the escalating cyber-threat, all of which generate siloed events. But there’s little in the way of coordination and correlation of these events into contextual, meaningful alerts. We found that nearly half (46 per cent) of Canadian SOC/IT security teams feel overwhelmed by alerts. Even more (52 per cent) admitted they aren’t confident in their ability to prioritize or respond to these alerts. The result: on average, SecOps spends 25 per cent of its time chasing after false positives and meaningless alerts.
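To make the correlation-and-prioritization gap concrete, here is an added example (not code from the original post, and not how any Trend Micro product works) that takes siloed alerts from four hypothetical point products, groups those that share a host or user inside a time window into one incident, and ranks incidents so that corroboration across independent sources outweighs raw alert volume. All alert data, hostnames, users and timestamps are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample alerts from four hypothetical point products
# (email gateway, EDR, network sensor, cloud audit log). Nothing here is real.
SAMPLE_ALERTS = [
    {"ts": "2021-05-10T09:00:00", "source": "email", "severity": 2,
     "host": "ws-017", "user": "alice", "title": "Phishing attachment delivered"},
    {"ts": "2021-05-10T09:04:00", "source": "edr", "severity": 3,
     "host": "ws-017", "user": "alice", "title": "Office process spawned PowerShell"},
    {"ts": "2021-05-10T09:06:00", "source": "network", "severity": 2,
     "host": "ws-017", "user": "alice", "title": "Outbound connection to newly seen domain"},
    {"ts": "2021-05-10T11:30:00", "source": "network", "severity": 1,
     "host": "ws-042", "user": "bob", "title": "Port scan from internal host"},
    {"ts": "2021-05-10T13:00:00", "source": "cloud", "severity": 2,
     "host": "", "user": "carol", "title": "Console login from new country"},
    {"ts": "2021-05-10T13:02:00", "source": "cloud", "severity": 3,
     "host": "", "user": "carol", "title": "IAM policy modified"},
    {"ts": "2021-05-10T15:00:00", "source": "edr", "severity": 1,
     "host": "ws-099", "user": "dave", "title": "Unsigned binary executed"},
]

WINDOW = timedelta(minutes=30)  # assumed correlation window, not a vendor default


def correlate(alerts, window=WINDOW):
    """Group alerts that share a host or user and arrive within `window`
    of the incident's first alert. Returns a list of incident dicts."""
    incidents = []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        t = datetime.fromisoformat(a["ts"])
        for inc in incidents:
            same_host = bool(a["host"]) and a["host"] == inc["host"]
            same_user = a["user"] == inc["user"]
            if (same_host or same_user) and t - inc["start"] <= window:
                inc["alerts"].append(a)
                break
        else:  # no open incident matched: start a new one
            incidents.append({"host": a["host"], "user": a["user"],
                              "start": t, "alerts": [a]})
    return incidents


def score(inc):
    """Higher when several independent products agree. A lone low-severity
    alert scores low, which is where most false positives end up."""
    sources = {a["source"] for a in inc["alerts"]}
    max_sev = max(a["severity"] for a in inc["alerts"])
    return max_sev + 2 * (len(sources) - 1) + (len(inc["alerts"]) - len(sources))


def tier(s):
    """Map a score onto a simple triage tier (thresholds are assumptions)."""
    if s >= 6:
        return "P1 investigate now"
    if s >= 3:
        return "P2 queue for analyst"
    return "P3 batch review"


def prioritize(alerts):
    """Correlate, score and rank: the analyst sees incidents, not raw alerts."""
    ranked = []
    for inc in correlate(alerts):
        s = score(inc)
        ranked.append({
            "host": inc["host"], "user": inc["user"], "score": s,
            "sources": sorted({a["source"] for a in inc["alerts"]}),
            "count": len(inc["alerts"]), "tier": tier(s),
            "titles": [a["title"] for a in inc["alerts"]],
        })
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked


if __name__ == "__main__":
    for r in prioritize(SAMPLE_ALERTS):
        who = r["host"] or r["user"]
        print(f"[{r['tier']}] score={r['score']} {who}: "
              f"{r['count']} alerts from {', '.join(r['sources'])}")
        for t in r["titles"]:
            print("    -", t)
```

Seven raw alerts collapse into four incidents: the phishing-to-PowerShell-to-beacon chain on one workstation lands at the top because three separate products corroborate it, the cloud identity pair is queued, and the two isolated single-source alerts drop to batch review instead of interrupting an analyst.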
This doesn’t just have an impact on the organization’s ability to defend itself. It’s taking a real toll on those on the frontline. Around 50 per cent of Canadian respondents told us they feel emotionally affected by their work. The pressure has become so great that many have:
- Ignored alerts completely and worked on something else (40 per cent)
- Walked away from the computer feeling overwhelmed (46 per cent)
- Turned off alerts (30 per cent)
- Assumed an alert was a false positive (59 per cent)
- Hoped another team member would step in to help (46 per cent)
Technology can help
Cybersecurity might be a people business, but without the right tools to help them, those people will be unable to work effectively. That’s why platforms like Trend Micro Vision One are important. It’s a purpose-built Threat Defence Platform that goes beyond EDR offerings to correlate alerts across emails, servers, cloud workloads, and networks. Crucially, it’s able to prioritize these alerts, and in fact produce fewer of them, so that SecOps users know where to focus their efforts for an optimized, accelerated response.
By providing access to intelligent platforms like Vision One, security leaders can not only reduce attacker dwell time and cyber-risk but also improve the job satisfaction and wellbeing of their employees. At a time of chronic industry skills shortages, that’s reason enough to take a fresh look at threat detection and response.