Cybersecurity Under Strain of SecOps Pain Points

If there was ever any doubt that cybersecurity is mission-critical to any organization, the wave of recent tech layoffs from which cybersecurity professionals emerged largely unscathed disproves it completely. Ironically, despite being a hot commodity, there’s a reason that security operations center (SOC) teams have stayed short-staffed. Not only that, they have to contend with a tangle of challenges and the weight of higher stakes bearing down on them: A single intrusion can escalate to a full-scale attack and have far-reaching effects on business continuity, as a data breach can now cost businesses an average of $4.35 million. The pressures of the job have made it so that approximately 30% of cybersecurity professionals will consider leaving within the next two years from burnout alone. Such work-related stress goes all the way up the ladder, with 25% of cybersecurity leaders predicted to switch jobs by 2025.

Owing to an evolving threat landscape, gaps in the cybersecurity workforce have plagued the industry for years, as the right skill set has been a moving target. If decision-makers are to avert a mass exodus of their top talent, they should be aware of the hurdles wearing SOC analysts thin on the front lines:

Defenders struggle to keep up with a bloated attack surface

Mitigating cyber risk is a tall order for today’s enterprises, whose security teams are tasked with managing an overload of detections on various fronts. Gone are the days of a defensible security perimeter built around on-premises work, thanks to digital transformations inevitably brought about by emerging technologies like 5G connectivity, machine learning, and the cloud. One unexpected change, however, was the work-from-home (WFH) setup that quickly became commonplace at the onset of the Covid-19 pandemic — and with it a barrage of new endpoints that needed continuous monitoring. Home offices exposed enterprises to more risks, as evidenced by the accompanying rise in threats like business email compromise (BEC) and phishing attacks. In turn, SOC teams have since had to strike a delicate balance between imposing security measures that keep company data under tight guard while also without impeding employee productivity.

To keep pace with this growth, companies have had to use as many as 29 security monitoring products on average — a tool sprawl compounded by organizational size, considering that those with 10,000 employees tend to have nearly 46 tools in place. It’s no wonder IT security leaders are overwhelmed, with 73% concerned over an ever-expanding digital attack surface and another 43% believing that the problem has grown out of control.

The good news is that more enterprises are coming around to the value in a strong security stack, with 64% of businesses intending to invest more in cybersecuritywithin the year. In the long run, however, funding more controls meant to help might become a hindrance: Alert fatigue is taking a toll on already-understaffed security teams who have to sift through all the noise of false positives to zero in on the real dangers. These are notorious for being a time sink (it takes at least 10 minutes to investigate each one) and despite defenders’ best efforts, research shows that due to the sheer volume of these alerts, 44% of them are still left uninvestigated.

Visibility across a growing number of assets is paramount to SOC success

The deployment of business-critical infrastructure across increasingly complex environments has created more blind spots that can rapidly become an attacker’s playground. Meanwhile, security teams could struggle to map out an attack surface further obscured by shadow IT. Since its onset in 2020, the pandemic has exacerbated the dependence of businesses on third-party tools and applications — especially cloud-based ones — to stay productive. However, over half of these apps are business-led purchasing decisions that bypassed IT teams’ evaluation processes: a fact that has left security leaders grappling with a lack of visibility hanging over them. 

This, on top of managing a multitude of security vendor solutions to protect these layered and hybrid systems, means security practitioners have at best a tenuous grasp of the expanding borders of enterprise technology. Disparate point solutions make a challenge out of making inventories of or manually auditing a company's digital assets, so a comprehensive view of its IT ecosystem is predicated on breaking down product siloes first.

Without much-needed oversight of complex IT architectures, many security teams are flying blind in the face of mounting cyber risks, making it difficult for them to mend security gaps and respond to emerging threats in time. Visibility plays a foundational role in an organization’s security posture and its bottom line. The average breach life cycle spans 287 days, and resolving it racks up higher costs the longer a breach goes undiscovered. An organization’s time and resources are therefore better spent putting threats in the wider context of a risk-management approach rather than on purely reactive defenses. However, until they have access to the real-time, in-depth insights needed to do so, SOC teams will be stuck putting out fires where they can.

Risks known and unknown abound, especially in a company’s cloud infrastructure

As a distributed workforce became the norm, enterprises fast-tracked cloud migration to support remote or hybrid work models. As a result of businesses racing to modernize their systems by building cloud-first infrastructure, more than 60% of all corporate data worldwide is now reportedly in the cloud. Although this transformative technology has the potential to future-proof operations for a broad cross-section of businesses, its security practitioners have to deal with the growing pains that come with increased connectivity. According to last year’s Thales Cloud Security Report, only 25% of the surveyed IT professionals who entrusted their sensitive data to the cloud claimed they could classify all the data stored there.

This reliance on cloud-based infrastructure puts a new spin on age-old pain points. Some security professionals claim to receive over 500 daily alerts for public cloud environments, further complicating the risk prioritization process. As enterprises find their footing in a cybersecurity frontier reshaped by the cloud (where knowledge gaps become chasms), their security teams should be prepared to fend off new, unknown attack vectors that malicious actors might exploit: In a cloud-based environment, attacks could come from any direction, not to mention it’s easy to be caught unaware when, this year alone,   security practitioners are overseeing an average of 334 individual Cloud Service Provider (CSP) accounts. It falls on SOC teams to familiarize themselves with this new terrain fast, especially knowing that their tools are set to completely integrate cloud security functions in the next three years.

Security practitioners need to be positioned to make informed decisions as part of an adaptive and vigilant security strategy that will not only be infused in all aspects of their organization but also lead to centralized visibility, a reliable means of quantifying risk, and active support from the C-level. In the next installment of this three-part series, we offer a deep dive into the sophisticated cyberthreats that modern-day SOCs face and the techniques necessary to contain them.