Study: More than half of SOC employees complain that work has a negative impact on their private life. Trend Micro's new study reveals the impact understaffed security operations centers and alerting overload can have on employee mental health.
Trend Micro, one of the world's leading providers of cybersecurity solutions, has published the results of a new study. The report, "Security Operations on the Backfoot: How poor tooling is taking its toll on security analysts", shows that SOC and cybersecurity teams suffer from a high level of stress that extends beyond their day-to-day work. Alert overload in particular is a major trigger.
Surveyed: 2,300 IT security and SOC decision-makers
For the study, 2,303 IT security and SOC decision-makers from companies of different sizes and industries were surveyed. 59 percent of respondents from Germany (70 percent worldwide) stated that their private life is emotionally affected by their work. This results from the fact that half of them (50 percent, 51 percent worldwide) have the impression that their team is overwhelmed by the multitude of threat alerts. Furthermore, 59 percent of the German participants (55 percent worldwide) admit that they are not entirely sure of their company's ability to correctly prioritize alerts and respond to them appropriately. Those responsible in German security teams stated that 26 percent (27 percent worldwide) of their work can be traced back to false positives.
These results are confirmed by a recent Forrester study, according to which cybersecurity incident response teams are severely understaffed even though they are increasingly confronted with attacks. Security Operations Centers (SOCs) therefore depend on a more effective method for detection and response. XDR (Extended Detection and Response) takes a fundamentally different approach than other tools on the market.
SOC managers can no longer switch off
In their free time, many SOC managers are unable to switch off due to the large number of alerts. This can lead to tension with friends and family. At work, the flood of alerts causes SOC employees to deactivate alerts (38 percent in Germany, 43 percent worldwide, say they do so occasionally or frequently), to temporarily leave their workstation because they feel overwhelmed (34 percent in Germany, 43 percent worldwide), to hope that another team member will take over (43 percent of Germans, 50 percent worldwide) or to ignore incoming alerts entirely (32 percent in Germany, 40 percent worldwide).
People too often viewed as a weak point
“We are used to cyber security being described as the interaction of the human, process and technology factors,” explains Dr. Victoria Baines, cybersecurity researcher and author. “All too often, however, people are viewed as a vulnerability rather than an asset, and technical security measures are prioritized over human resilience. It's high time we reinvested in our human security resources. That means taking care of our people and teams and ensuring they have the tools to allow them to focus on what people do best.”
74 percent have already faced a security incident
Since 66 percent of respondents from Germany (74 percent worldwide) have either already faced a security incident or expect one within this year, the overload could have serious consequences. Respondents expect that a security incident involving a data protection breach would cost their company fines of around 155,000 euros, in addition to any damage that may have occurred.
SOC employees play a crucial role in defending against cyberattacks
“By managing and responding to threat alerts, SOC employees play a critical role in defending against cyberattacks and protecting their businesses from potentially damaging security incidents. But as the study shows, this pressure is sometimes associated with considerable health costs,” says Richard Werner, Business Consultant at Trend Micro. “To avoid burning out their best employees over time, companies need to rely on more advanced detection and response platforms that can intelligently correlate and prioritize alerts. This not only improves the overall level of protection, but also increases the productivity and job satisfaction of the analysts.”
More at TrendMicro.com
About Trend Micro: As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.
Further information
For more information, see the report "Security Operations on the Backfoot: How poor tooling is taking its toll on security analysts", which you can download here.