For people working in information security, such as analysts in a security operations center (SOC), the nature of the work is a direct route to professional burnout, which can be as damaging to them as it is to their organization.
The job basically entails looking for anomalies in incoming data, day after day. When an anomaly is detected, things get shaken a bit because there’s an incident to investigate, data to collect, and risk and damage assessments to be made. But juicy cyber incidents are not all that common at companies with state-of-the-art solutions guarding servers, workstations, and the entire information infrastructure.
A recent study conducted by the Enterprise Strategy Group (ESG) and commissioned by Kaspersky found that 70% of organizations admitted struggling to keep up with the volume of security alerts.
According to the ESG study, apart from the volume of alerts, their wide variety is another challenge for 67% of organizations. This situation makes it difficult for SOC analysts to focus on more complex and important tasks. In one in three companies (34%), cybersecurity teams overloaded with alerts and emergency security issues said they don't have enough time to spend on strategy and process improvements.
“Our experts predict that cyberthreat intelligence and threat hunting will form a vital part of any SOC development strategy. But in the current scenario, where SOC analysts are using their time, skills, and energy to handle bad-quality IoCs and fight unnecessary false positives instead of proactively looking for complex and evasive threats in the infrastructure, not only is it an ineffective approach, but burnout is inevitable, too,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
“Our observations show that in 2023 SOCs will continue facing sophisticated attacks, such as ransomware and supply chain attacks. That means the SOC team should be ready to face these threats, and the key success factor in preparation will be comprehensive enhancement of different SOC aspects, including fighting burnout. We recommend that organizations rethink how to make the tasks of the SOC team more diverse, consider automation solutions, and get external expert services to help resolve the companies’ internal issues and save them from possible burnout, along with increasing the cybersecurity level.”
To streamline the work of a SOC and avoid alert fatigue, Kaspersky shares these tips with companies:
For SMBs and midrange enterprises, Kaspersky in Southeast Asia has also launched a Buy 1 Free 1 promo. Businesses can now enjoy two years of enterprise-grade endpoint protection for the price of one with Kaspersky Endpoint Security for Business or Cloud, or Kaspersky Endpoint Detection and Response Optimum, with 24×7 phone support. Interested customers can reach out to [email protected].