While most people will be enjoying yet another Labor Day weekend, many cybersecurity professionals will either be glued to screens in an office combatting attacks or, at the very least, furtively monitoring their smartphones to evaluate the severity of the latest alert they just received. In effect, Labor Day, like most holidays, winds up being just another day at the proverbial office for far too many cybersecurity professionals.
A survey of 50 analysts working in security operations centers (SOCs) published this week by CriticalStart, a provider of a platform for delivering managed security services to endpoints, provides some insight into the toll burnout is starting to take on cybersecurity teams. More than 80% of the SOC analysts reported that their SOC has experienced somewhere between 10% and over 50% analyst staff churn in the past year, with nearly half reporting 10-25% turnover.
A major factor behind all that churn is that 70% of the analysts said they investigate 10+ alerts each day, a 25% increase from the same survey conducted a year earlier. Over three quarters (78%) said it takes 10 or more minutes to investigate each alert, up from 64% the previous year. Nearly half the respondents said the share of false positives among those alerts is 50% or higher. In fact, the survey finds five times as many SOC analysts this year said they believe their primary job responsibility is simply to “reduce the time it takes to investigate alerts.” The number of respondents who feel their main job responsibility is to analyze and remediate security threats has dropped from 70% to 41% year over year.
Despite the high level of SOC turnover, however, only 38% of respondents say their SOC either tries to hire more analysts or has simply decided to turn off high-volume alerting features deemed too noisy.
Sadly, nearly half of respondents also say they get 20 or fewer hours of training per year. It’s hard to know how many SOCs are simply relying on on-the-job training versus having a formal program. However, in the absence of a formal training program, it is little wonder that many analysts start to look for another opportunity.
Of course, given the competition for cybersecurity analysts, salary is likely to be a significant factor whenever an analyst decides to take a new job. Nevertheless, many IT professionals would be much more inclined to stay where they are if they determine the culture of the organization they currently work for is more conducive to achieving their long-term career goals.
It’s clear throwing bodies at cybersecurity is an expensive proposition. Salaries for cybersecurity professionals continue to increase. When the cost of labor is added to the cost of all the platforms required to secure an IT environment, it’s understandable why a backlash against the total cost of cybersecurity is starting to build. It may be a while before organizations will be able to leverage automation and artificial intelligence (AI) to do something about those costs, but rest assured that day will come. That doesn’t mean there will no longer be a need for cybersecurity professionals, but it does mean the burnout factor associated with cybersecurity jobs should eventually be dramatically reduced.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.