According to a survey carried out by Ponemon Institute between March and April of 2020, 60% of SOC (Security Operations Center) team members are considering changing careers due to burnout.
The yearly survey showed that despite an increase in SOC funding, the most important problem persists: work overload that is causing burnout among team members.
Among the IT team members surveyed, all of whom work in organizations that have an SOC, the share who rated investing in an SOC as important gained 5% this year, bringing it up to 72%. The average annual cyber security budget also rose to $31 million, up $6 million from last year. SOC teams account for more than one third of that budget on average.
SOC Team member barriers
Despite some positive results from the survey, some universal problems facing SOC teams are getting worse.
The major areas where issues are increasing:
- 70% suffer a lack of visibility into the IT infrastructure (up from 65%)
- 64% combat turf or silo issues between IT and the SOC (up from 57%)
- 71% need greater automation (up from 67%), especially as they continue to spend substantial manual cycles on tasks such as alert management (47%), evidence gathering (50%), and malware protection and defense (50%)
- Environmental factors are driving substantially higher pain, including information overload (67%, up from 62%), burnout from increased workloads (75%, up from 73%) and “complexity and chaos” in the SOC (53%, up from 49%)
Skills shortage
At the heart of most of these top issues is a major skills shortage. More than 50% of respondents answered that they are affected by it. The skills shortage is not, however, the biggest factor behind these SOC team barriers and issues. Rather, a misalignment of people, process and technology is making the entire operation inefficient.
- 40% of organizations stated they have too many tools but more than half do not have access to all of the important data or the ability to capture needed intelligence.
- 76% of these organizations agree on the importance of training their personnel, but the biggest problem that over 50% of them face is not having a formal training program in place. Additionally, more than 50% lack employees with the skills needed for SOC efficiency.
- The average time to resolve an incident remains unacceptably high, with 39% reporting that on average it takes months or even years to resolve incidents.
What can be done to alleviate SOC pain
Despite the major issues and the effects of burnout, high-performing SOC teams continue to prove how beneficial they can be to organizations, and their efforts should be applauded. When asked what can be done to fix the most significant of these issues, the top 3 answers were workflow automation (71%), advanced analytics/machine learning (63%), and access to more out-of-the-box content (55%).
When asked to discuss the findings, Julian Waits of Devo said, “Even more troubling, 69% say that experienced analysts would quit the SOC because of stress. It’s clear that significant reforms must be made to achieve greater SOC efficiency and engagement—with less analyst stress—especially in the face of a new economic normal that will likely constrain investments for some time to come.”