Virtualization Technology News and Information
The Threat of Burnout and Turnover in the SOC - and What to Do About It
By Jacob Olcott, Vice President, Communications & Government Affairs, BitSight 

Long hours on understaffed teams, unceasing vigilance, and opaque security infrastructure are taking their toll on security professionals. The statistics are daunting: a recent study by The Ponemon Institute and Exabeam found that 65% of IT and security professionals are currently considering leaving their jobs. Stress and burnout within the security professional community are emerging as a real threat to corporate security and, unfortunately, these aren't problems that can be fixed with a few deep breaths and a nice vacation.

Many security professionals feel like they're fighting an uphill battle every day without a way to measure their progress. The same Ponemon study found that over half of IT and security professionals consider their Security Operations Center (SOC) to be ineffective. This creates ripe conditions for attrition, and without sufficient personnel, organizations are not equipped to effectively prevent and mitigate attacks.

Taking a more proactive, data-driven approach to cybersecurity risk management can help organizations stop the security brain drain caused by burnout. Read on for four main areas businesses should focus on to relieve overworked security teams and more effectively manage and mitigate cyber threats.

Reduce Alert Overload

False positives result in unnecessary, stressful fire drills that drain time and resources. They can also hinder an organization's ability to address real security threats. According to Enterprise Management Associates, more than one in four (27%) security teams receive as many as one million security alerts per day. Manually investigating each alert is a massive resource drain that creates backlogs and allows breaches to go unnoticed, because IT security teams are forced into a never-ending game of whack-a-mole, responding to a flood of false positives instead of the handful of alerts that matter.

For example, in the Neiman Marcus data breach of 2013, which compromised more than 1.1 million debit and credit cards, the attack set off approximately 60,000 alerts in the retailer's SOC over three and a half months. Although that number sounds high, those alerts represented only about one percent of the daily entries in Neiman Marcus' protection logs. When SOC professionals are inundated with avoidable alerts, it's easy for threats like these to slip through the cracks: the malicious alerts were present, but they were indistinguishable from the noise around them.
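The Neiman Marcus case is an argument for collapsing repeated alerts before an analyst ever sees them, and for correlating what remains by asset rather than reading alerts one at a time. The following is an added example written for this page, not code from the article or from BitSight, that shows the two cheapest forms of that reduction: deduplicating alerts that share a rule and an asset within a time window, and suppressing rules a team has explicitly documented as noisy. The alert lines, rule names, host names and the ten-minute window are all constructed for illustration; a real SOC would read from its SIEM and tune the window and suppression list to its own telemetry.

```python
"""Alert aggregation for a SOC triage queue (illustrative example; sample data is constructed)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed sample feed, one alert per line: timestamp|rule|asset|severity.
# pos-17 is the interesting host: two different rules fire on it within minutes.
SAMPLE_ALERTS = """\
2019-11-05T08:00:01|AV-Heuristic-Generic|ws-042|low
2019-11-05T08:00:04|AV-Heuristic-Generic|ws-042|low
2019-11-05T08:00:09|AV-Heuristic-Generic|ws-042|low
2019-11-05T08:02:30|FailedLogin-Burst|srv-db-01|medium
2019-11-05T08:02:31|FailedLogin-Burst|srv-db-01|medium
2019-11-05T08:03:10|NewService-Installed|pos-17|high
2019-11-05T08:15:00|AV-Heuristic-Generic|ws-042|low
2019-11-05T08:16:00|Outbound-Unknown-Host|pos-17|high
2019-11-05T08:16:05|Outbound-Unknown-Host|pos-17|high
2019-11-05T08:20:00|DNS-NXDOMAIN-Spike|ws-099|low
2019-11-05T08:20:01|DNS-NXDOMAIN-Spike|ws-099|low
2019-11-05T08:21:00|FailedLogin-Burst|srv-db-01|medium
"""

# Rules the team has reviewed and documented as noise (hypothetical list).
NOISY_RULES: FrozenSet[str] = frozenset({"DNS-NXDOMAIN-Spike"})

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Alert:
    ts: datetime
    rule: str
    asset: str
    severity: str


@dataclass
class AlertGroup:
    """One triage item standing in for every repeat of (rule, asset) inside the window."""
    rule: str
    asset: str
    first_seen: datetime
    last_seen: datetime
    count: int
    severity: str  # highest severity seen in the group


def parse_alerts(text: str) -> List[Alert]:
    """Parse the pipe-delimited feed and return alerts in time order."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, rule, asset, severity = line.split("|")
        if severity not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {severity!r} in line {line!r}")
        alerts.append(Alert(datetime.fromisoformat(ts), rule, asset, severity))
    return sorted(alerts, key=lambda a: a.ts)


def aggregate(alerts: List[Alert], window: timedelta = timedelta(minutes=10),
              suppressed: FrozenSet[str] = frozenset()) -> Tuple[List[AlertGroup], int]:
    """Collapse repeats of the same (rule, asset) that arrive within `window` of the
    group's first alert. Returns (groups, number_of_suppressed_alerts)."""
    open_groups: Dict[Tuple[str, str], AlertGroup] = {}
    groups: List[AlertGroup] = []
    dropped = 0
    for a in alerts:
        if a.rule in suppressed:
            dropped += 1
            continue
        key = (a.rule, a.asset)
        g = open_groups.get(key)
        if g is None or a.ts - g.first_seen > window:
            g = AlertGroup(a.rule, a.asset, a.ts, a.ts, 1, a.severity)
            open_groups[key] = g
            groups.append(g)
        else:
            g.count += 1
            g.last_seen = a.ts
            if SEVERITY_RANK[a.severity] > SEVERITY_RANK[g.severity]:
                g.severity = a.severity
    return groups, dropped


def prioritize(groups: List[AlertGroup]) -> List[AlertGroup]:
    """Highest severity first, then the most repeated, then the oldest."""
    return sorted(groups, key=lambda g: (-SEVERITY_RANK[g.severity], -g.count, g.first_seen))


def assets_with_multiple_rules(groups: List[AlertGroup]) -> Set[str]:
    """Hosts on which more than one distinct rule fired: the correlation a single
    alert-by-alert review misses."""
    rules_by_asset = defaultdict(set)
    for g in groups:
        rules_by_asset[g.asset].add(g.rule)
    return {asset for asset, rules in rules_by_asset.items() if len(rules) > 1}


if __name__ == "__main__":
    raw = parse_alerts(SAMPLE_ALERTS)
    groups, dropped = aggregate(raw, suppressed=NOISY_RULES)
    print(f"{len(raw)} raw alerts -> {len(groups)} triage items ({dropped} suppressed)")
    for g in prioritize(groups):
        print(f"  [{g.severity:6}] x{g.count} {g.rule} on {g.asset} "
              f"({g.first_seen.time()} - {g.last_seen.time()})")
    print("assets with multiple rules firing:", sorted(assets_with_multiple_rules(groups)))
```

On the constructed feed, twelve raw alerts become six triage items, and pos-17 surfaces as the one host with two unrelated detections, which is the kind of signal that was buried in the Neiman Marcus logs. Two caveats apply in practice: the suppression list must be reviewed periodically, since a rule that is noise today can be the only indicator tomorrow, and the window must be short enough that a slow, repeated beacon is not collapsed into a single low-priority item.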

Obtain Better Visibility into the IT Network

Security professionals can't protect and manage what they can't see. Without proper visibility into their IT networks - and into the broader business ecosystem those networks depend on - they are essentially guessing where the next threat will come from. This keeps them in reactive mode, constantly putting out fires with no end in sight. Instead, they need to be able to quickly discover and address the biggest issues threatening the organization.

Simply adding more tools is not the solution, however. A recent Forrester study of 207 corporate security decision makers found that companies have an average of nine different categories of security technology in place - and more data gathered by these tools doesn't necessarily lead to better decisions. Often the tools don't work together, and on top of that they generate too many false positives.

Organizations should look for solutions that provide visibility into vulnerabilities and potential threats across the entire IT ecosystem - both their own internal systems and those of their third-party contractors, partners, and vendors - so that they can manage security risk more efficiently and effectively and, in doing so, reduce burnout.

Real-time Data on Cyber Risk

Today, organizations need security data that clearly puts risk into business context. SOC professionals need a roadmap that begins with real-time visibility into the critical areas they actually need to worry about most, such as third-party risk (where 59% of breaches come from), mobile application security, and endpoint security.

Organizations also need the ability to drill down into the specific risk vectors that directly affect their business, their industry, and their peer groups, so that they can prioritize the security tasks that will have the biggest impact on improving their security performance and posture.

With real-time risk and vulnerability metrics that provide a pulse on security performance, security teams can quickly align their processes with business outcomes. According to the Forrester report, 74% of C-level respondents believe improved security performance measurement would improve company financial performance, and 52% said it would reduce overall risk.

Use Automation Effectively

Automation is also critical to reducing burnout in the SOC. Automating repetitive workflows and security processes, such as continuous cybersecurity monitoring, enables security professionals to reduce risk with the skills and headcount they already have.

Meanwhile, automation also frees up time for security professionals to learn new skills and focus on more strategic tasks for the business. The end result is improved job satisfaction, a more skilled staff and better retention rates for the organization.

Given today's high rate of cybersecurity turnover, and the resulting threat to corporate security, organizations can't afford to ignore these methods of supporting frontline security employees. Working in security will always be a demanding profession, but reducing the onslaught of false positive alerts, improving visibility into infrastructure, providing real-time cyber risk data, and automating monotonous monitoring activities wherever possible can help ease the pressure - and put organizations in a better position to reduce risk and respond quickly to potential threats.


About the Author

Jake Olcott 

Jake Olcott is Vice President at BitSight Technologies, where he helps organizations benchmark their cybersecurity programs using quantitative metrics. Olcott speaks and writes about the role of directors, officers and executives in cyber-risk management. He served as Cybersecurity Attorney to the Senate Commerce Committee and House Homeland Security Committee. He also managed a cybersecurity consulting practice. He is an Adjunct Professor at Georgetown University. He holds degrees from the University of Texas at Austin and the University of Virginia School of Law.

Published Tuesday, November 05, 2019 7:39 AM by David Marshall