There’s a lot of focus these days on the shortage of cybersecurity personnel, given all the job openings that are going unfilled. The question that doesn’t get asked enough, however, is whether all those openings exist because the cybersecurity challenge has truly grown, or whether they are more a reflection of how inefficient cybersecurity processes are today.
A small-sample survey of 50 cybersecurity professionals working in security operations centers (SOCs), conducted by CRITICALSTART, a provider of managed security services, suggests the latter issue plays a much bigger role than organizations realize or may care to admit. A full 70% of respondents said they investigate 10 or more security alerts each day, up from 45% a year ago. A total of 78% of respondents also noted it takes on average 10 minutes to investigate each alert. Aggravatingly, the survey finds nearly half those alerts wind up being false positives, which over time lead to increased fatigue. The more fatigued a team is, the more likely it becomes that they will miss the one alert that might truly make a crucial difference.
The survey notes that the share of respondents who feel their main job responsibility is to analyze and remediate security threats has dropped dramatically, from 70% last year to 41% this year, as analysts see their role becoming more focused on reducing alert investigation times or the volume of alerts. Not surprisingly, 38% of respondents admit to turning off high-volume alerting features when they start to become overwhelmed. An equal share (38%) of respondents report their organizations are trying to hire more analysts to deal with the volume.
At the same time, it’s also worth noting that about half the respondents said they receive 20 or fewer hours of training per year.
Put it all together, and it quickly becomes apparent that cybersecurity processes are not all that efficient. Not only is there far too much noise relative to signal, but cybersecurity professionals also are not always as well trained as they ideally should be, beyond whatever they pick up on the job. In fact, a separate survey of 1,324 cybersecurity professionals conducted by Cynet, a provider of tools for discovering cybersecurity breaches, suggests most organizations are focused on hiring entry-level cybersecurity staff as part of an effort to throw bodies at all the alerts being generated. The survey also suggests this is why cybersecurity salaries remain constrained despite the apparent skills shortage, as most of the open positions being posted are entry-level.
Of course, many IT leaders are hoping that one day soon artificial intelligence (AI) technologies will reach a level of maturity that can cover what appear to be a multitude of process sins. The probability of that occurring in the short term, however, is slim to none.
In the meantime, cybersecurity teams would be well advised to at the very least reexamine existing cybersecurity processes. In addition to introducing higher levels of automation, there’s a high probability that some tools in place are more trouble than they’re worth. In the final analysis, the real insider threat within many organizations all too often winds up being simple inertia.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.