We Can Save Security Teams From Crushing Workloads. Will We?
Today, the processing of mountain-high stacks of alarms is considered "security." That system is failing customers and the cybersecurity workforce.
In one of my first jobs, I worked as a file clerk. I would arrive early in the morning to be greeted by a mountain-high stack of manila folders to process. I would spend the day knocking down the pile, only to be greeted by a new one the next day. It was clear that I was never going to get ahead in that job.
Recently, I read a cybersecurity provider's infographic that depicts the logs from 350,000 machines feeding a security information and event management (SIEM) system, resulting in a data lake consisting of 1.1 billion security events. An artificial intelligence detection layer, employing thousands of algorithms, processes those billions of events into an investigation layer and visualization platform.
My first thought was, it's that clerk job all over again! How can a security operations center (SOC) team possibly get ahead in this environment? At a time when SOCs are more critical than ever, SOC analysts have never been stretched so thin from the relentless, reactive, and "always on" mode their job demands. As a result, the cybersecurity industry is in danger of losing a generation of talented analysts because of low morale, crushing workloads, and new security products that are built upon outdated approaches.
There is already a well-documented shortage of qualified security personnel today. According to the "(ISC)² Cybersecurity Workforce Study," the shortage is estimated to reach 2.72 million globally. Increased workloads are a major contributor to burnout in our industry. In a survey conducted last fall, 51% of professionals surveyed were kept up at night by the stress of their jobs, and nearly half were working more than full-time hours.
Security teams are drowning in a sea of alert fatigue, incident response workload, and false positives. In today's cybersecurity ecosystem, the processing of mountain-high stacks of alarms is considered "security." That system is simultaneously failing customers and the cybersecurity workforce. Indeed, a recent study shows 45% of all daily security alerts are false positives, and 75% of organizations spend as much on false positives as on legitimate attacks — or more. In a multicontinent survey of security experts, 74% claimed their volume of false positives was steady or rising, and 26% shared that they "turn off alerts because they are too noisy." It comes as no surprise, therefore, that in 2022, many IT professionals are leaving their jobs — and the industry entirely.
Cybersecurity professionals are charged with protecting vital business as well as personal and national interests. With the average cost of a data breach now at an all-time high of $4.35 million and 83% of organizations having experienced more than one breach, the impact these professionals bring to the business is clear. A dearth of qualified people will only make the challenges of maintaining our vital interests more difficult, creating a terrible cycle. Providing the best work environment possible to retain and attract highly skilled professionals must become our highest priority as it is essential for long-term business success.
Better Tools
The problem cannot be solved by raising a few salaries. Instead, a transformative new approach is needed in which cybersecurity professionals have access to better tools and technologies so they can apply their talents and energies to their actual priorities instead of chasing seemingly endless false positives and security alerts that lead nowhere and do not result in better organizational security. Not only will such a cybersecurity workforce be more fulfilled, but they will also be able to maintain a realistic work-life balance and deliver tangible value to the business. Without this twofold approach to industry reform, we will continue to see the best and the brightest reconsider their chosen field and look elsewhere for opportunity, resulting in a massive destabilization of infrastructure.
We must immediately embrace new approaches that focus on prevention at scale and offer technologies that dramatically reduce incident response and false alerts. As singer-songwriter John Mayer describes gravity, "Twice as much ain't twice as good." Reducing the flood of alerts will make room for much-needed focus. Embracing a preventative approach will free up cybersecurity professionals to address their real priorities: protecting their clients, defeating malicious attackers, maintaining secure business continuity, and delivering more business value.
Cybersecurity professionals should be outthinking and outmaneuvering adversaries rather than being mired in alerts. The resulting security and protection will provide even more benefit to their organizations. It is possible to create a future for the cybersecurity industry that allows professionals to lead balanced lives while maintaining fulfilling careers without sacrificing the safety of critical networks.
Even though cyber threats continue to evolve and increase, forward-leaning organizations that embrace new, preventive approaches are benefiting from superior security, better business results, and meaningful, impactful work for their talented cybersecurity professionals. Employ a new preventative approach. Reduce the noise. Create better outcomes. Retain your best talent.