Monthly Archives: August 2019

Two-thirds of security workers consider quitting because of burnout

Larry Ponemon

Security Operations Centers (SOC) are an increasingly important part of organizations’ efforts to keep ahead of the latest cybersecurity threats. However, for a variety of reasons revealed in this research, organizations are frustrated with their SOC’s lack of effectiveness in detecting attacks.

A SOC is defined as a team of expert individuals and the facility in which they work to prevent, detect, analyze and respond to cybersecurity incidents. Critical to the SOC’s success is support from the organization’s senior leaders, investment in technologies, and the ability to hire and retain a highly skilled and motivated team. The purpose of this research is to understand the barriers and challenges to having an effective SOC and what steps can be taken to improve its performance.

Sponsored by Devo Technology, Ponemon Institute surveyed 554 IT and IT security practitioners in organizations that have a SOC and are knowledgeable about cybersecurity practices in their organizations. Their primary tasks are implementing technologies, patching vulnerabilities, investigating threats and assessing risks.

While respondents consider the SOC as essential or important, most respondents rate their SOC’s effectiveness as low and almost half say it is not fully aligned with business needs. Problems such as a lack of visibility into the network and IT infrastructure, a lack of confidence in the ability to find threats and workplace stress on the SOC team are diminishing its effectiveness.

“The survey findings clearly highlight that a lack of visibility and having to perform repetitive tasks are major contributors to analyst burnout and overall SOC ineffectiveness,” said Julian Waits, General Manager of Cyber, Devo. “It is critical that businesses make the SOC a priority and evolve its effectiveness by empowering analysts to focus on high-impact threats and improving the speed and accuracy of triage, investigation, and response.”

The following findings reveal why organizations have SOC frustration:

  • The visibility problem: The top barrier to SOC success, according to 65 percent of respondents, is the lack of visibility into the IT security infrastructure and the top reason for SOC ineffectiveness, according to 69 percent, is lack of visibility into network traffic.
  • The threat hunting problem: Threat hunting teams have a difficult time identifying threats because they have too many IOCs to track, too much internal traffic to compare against IOCs, lack of internal resources and expertise and too many false positives. More than half of respondents (53 percent) rate their SOC’s ability to gather evidence, investigate and find the source of threats as ineffective. The primary reasons are limited visibility into the network traffic, lack of timely remediation, complexity and too many false positives.
  • The interoperability problem: SOCs do not have high interoperability with the organization’s security intelligence tools. Other challenges are the inability to have incident response services that can be deployed quickly and include attack mitigation and forensic investigation services.
  • The alignment problem: SOCs are not aligned or only partially aligned with business needs, which makes it difficult to gain senior leadership’s support and commitment to providing adequate funding for investments in technologies and staffing. Further, the SOC budget is inadequate to support the necessary staffing, resources, and investment in technologies. On average, less than one-third of the IT security budget is used to fund the SOC and only four percent of respondents say more than 50 percent of the cybersecurity budget will be allocated to the SOC.
  • The problem of SOC analyst pain: IT security personnel say working in the SOC is painful because of an increasing workload and being on call 24/7/365. The lack of visibility into the network and IT infrastructure and current threat hunting processes also contribute to the stress of working in the SOC. As a result, 65 percent say these pain factors would have caused them to consider changing careers or leaving their job, and many respondents say their organizations are losing experienced security analysts to other careers or companies.
  • As a result of these problems, the mean time to resolution (MTTR) can be months. Only 22 percent of respondents say resolution can occur within hours or days. Forty-two percent of respondents say the average time to resolve is months or years.

Read the rest of this report at Devo Technologies.

Has tech killed attention? Why listening with your whole body helps, with Annie Murphy Paul

Bob Sullivan

One of my favorite subjects is the problem of shortened attention spans and the fallacy of multitasking in the digital age.  Tech competes for our eyes and ears perhaps thousands of times each day.  The average worker only gets a few moments to focus on something without being interrupted.  Even lovers look at smartphones during intimate conversations.

This is not a world I want to live in, and I bet you don’t, either. With rare exceptions, multitasking isn’t multitasking at all — rather, it’s rapid task switching. Plenty of studies show (including my own research conducted with Carnegie Mellon University) that people who are doing two things at once simply underperform at both tasks.

Into this complex subject steps Annie Murphy Paul, one of the great science writers of our time. We were lucky to have Annie on our latest episode of “So, Bob…” She’s done extensive research into the science of being smart, and if you listen to her, I believe you will actually feel smarter. You will definitely feel that she is both a great speaker and a great listener.  In case you can’t listen at this moment, I’ve included a couple of highlights below — but when you can, please listen to the podcast. As long as I’m not interrupting something.

On listening with your whole self

“One thing that we get away from in the use of technology is the body,” Annie told me. “We become this disembodied head that, you know, is just looking at a screen. And so I find that when I talk to someone that I’m close to or, even when I interview someone I try to be in my own body and aware of the feelings and the sensations that are coming up in me as I talk to that other person and I try to assume a state of being both calm and alert and being open to whatever I’m feeling from the other person. And that’s the basis of, of empathy, when you are using your own body as an instrument to understand the other person.”

On the myth of multitasking

“Looking at several streams of information or entertainment while students are studying is, seems almost universal. My own children’s elementary school classes do it and I know that the students, the college students that I’ve taught do it and they all think they can do it well, and that’s the rub because we don’t have a very good sense of our own proficiency at paying attention and we may not be aware, but it is the case that when we’re trying to pay attention to many things at once, we work more slowly, we, we make more errors and we don’t perform at the same level that we would if we were paying attention to just one thing. So I think in terms of what teachers and parents and others who are concerned about kids should be thinking about it’s, it’s instilling in them the habit of mono tasking of just doing one thing at a time.”

On taking ‘tech breaks’ – giving kids set times to check their phones, then put them away

The idea is to have an expanding length of time between tech breaks. So it might be 15 minutes at the start and then half an hour and then 45 minutes. And, the idea behind it is first of all, to break the habit of checking every 30 seconds or every minute and sort of lengthen that amount of time that kids are able to go without checking or even thinking of checking.

On why books are better

The fact that paper books have no notifications and no dings and beeps or anything, it actually makes it a superior form of equipment. And I think that that was something humans got right a long time ago.