It’s easy to forget that cybersecurity is fundamentally about people.
Attacks are launched by threat actors, phishing emails are opened by employees, and it is SecOps teams that have the important task of detecting and responding to increasing volumes of these threats. As good as technology systems are, we haven’t got to the point where all of this defensive work can be automated. So what happens when your security team feels overwhelmed by their workload?
According to new research from Trend Micro, it’s a question an increasing number of organisations are facing. The reality is that under pressure SecOps teams need better tools to correlate and prioritise alerts, so they can work more efficiently.
On the back foot
Trend Micro’s study found that two-thirds (66%) of Australian IT security decision makers are already dealing with a breach or expecting one within the year.
It’s not hard to see why. SecOps teams are under-resourced and many may still be working from home. The daily threat of major breach-related financial and reputational damage hanging over their work is immense. It’s simply too easy for attackers to phish, crack or buy employee credentials off the dark web. Once inside they can use legitimate tools to move laterally across corporate networks without being spotted.
Taking its toll
Over the years, organisations have amassed many point products to deal with the escalating cyber-threat—all of which generate alerts. But there’s little in the way of co-ordination and correlation of these signals. We found that three in five (60%) SecOps teams feel overwhelmed by alerts, and 43% admit that they aren’t entirely confident in their ability to prioritise and respond to them. The result: on average, SecOps spends 26% of its time dealing with false positives.
This doesn’t just have an impact on the organisation’s ability to defend itself. It’s taking a real toll on those on the front line. Two-thirds (66%) of respondents told us they feel emotionally affected by their work. The pressure has become so great that many have:
1. Ignored alerts completely and worked on something else (45%)
2. Walked away from the computer feeling overwhelmed (49%)
3. Turned off alerts (45%)
4. Hoped another team member would step in to help (57%)
Technology can help
Cybersecurity is typically described in terms of people, process and technology. However, people are often portrayed as a vulnerability rather than an asset, and technical defences are prioritised over human resilience. We must restore our investment in our human security assets. That means caring for our colleagues and teams, and ensuring they have tools that allow them to focus on what humans do best.
Cybersecurity might be a people business, but without the right tools to help them, those people will be unable to work effectively. To avoid losing their best people to burnout – especially as Australia and New Zealand face ongoing cybersecurity talent shortages – organisations must look to more sophisticated threat detection and response platforms that can intelligently correlate and prioritise alerts.
SecOps teams need purpose-built threat detection solutions that go beyond most XDR offerings to correlate alerts across emails, servers, cloud workloads and networks. By providing access to intelligent systems, security leaders can not only reduce attacker dwell time and cyber-risk, but also enhance analyst productivity and job satisfaction levels. Fewer alerts and stronger intelligence allow teams to regain balance in their work life and ease the emotional toll of security.