Overwhelmed Security Team? Here’s How You Can Help Them

To avoid alert fatigue, Kaspersky shares some tips to companies

0
778

Feeling exhausted from monotonous tasks, becoming less focused at work, or feeling negative or cynical about one’s job? These are symptoms of burnout and practically anyone in the workplace has already experienced this at some point in their life. In fact, it’s so pervasive now that the World Health Organisation (WHO) already classified it as an occupational phenomenon.

For people working in information security, such as those who are in a security operation centre (SOC), the nature of their work is a direct route to professional burnout, which could be as damaging to them as much as it could be to their organisation.

The job basically entails looking for anomalies in incoming data, day after day. When an anomaly is detected, things get shaken a bit because there’s an incident to investigate, data to collect, and risk and damage assessments to be made. But juicy cyber incidents are not all that common at companies with state-of-the-art solutions guarding servers, workstations, and the entire information infrastructure.

In a recent study conducted by the Enterprise Strategy Group commissioned by Kaspersky, it showed that 70% of organisations admitted struggling to keep up with the volume of security alerts.

According to the ESG study, apart from the volume of alerts, their wide variety is another challenge for 67% of organisations. This situation has made it difficult for a SOC analyst to focus on more complex and important tasks. In every third company (34%), cybersecurity teams overloaded with alerts and emergency security issues said they don’t have enough time to spend on strategy and process improvements.

“Our experts predict that cyberthreat intelligence and threat hunting will form a vital part of any SOC development strategy. But with this current scenario where SOC analysts are using their time, skills, and energy to handle bad quality IoCs and fighting with unnecessary false positives instead of proactively looking for complex and evasive threats in infrastructure, not only it is an ineffective approach but burnout is inevitable, too,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

“Our observations show that in 2023 SOCs will continue facing sophisticated attacks, such as ransomware and supply chain. That means SOC team should be ready to face these threats, and key success factor in preparation will be comprehensive enhancement of different SOC aspects, including fighting with burnout. We recommend that organisations re-think about how to make the tasks of the SOC team more diverse, consider automation solutions and get external expert services to help resolve the companies’ internal issues and save them from possible burnout, along with increasing cybersecurity level”

To streamline the work of a SOC and avoid alert fatigue, Kaspersky shares these tips to companies:

  • Organise work shifts within the SOC team to avoid overworking staff. Ensure all key tasks are distributed across people such as monitoring, investigation, IT architecture and engineering, administration and overall SOC management.
  • Practices such as internal transfer and rotation as well as automating routine operations and hiring outside data-monitoring experts can help manage the situation of having an overwhelmed staff that could lead to SOC burnout.
  • Use proven threat intelligence service that enables the integration of machine-readable intelligence into your existing security controls, such as a SIEM system, to automate the initial triage process and generate enough context to decide if the alert should be investigated immediately.
  • To help free up your SOC from routine alert triage tasks, use a proven managed detection and response service, such as Kaspersky Extended Detection and Response or XDR platform, a multi-layered security technology that protects IT infrastructure. XDR is considered a more advanced version of endpoint detection and response (EDR). Whereas EDR focuses on endpoints, XDR focuses more broadly on multiple security control points to detect threats more quickly, using deep analytics and automation. The products and solutions that make up XDR are: Kaspersky EDR Optimum, Kaspersky EDR Expert, Kaspersky Anti-Targeted Attack Platform, Kaspersky Managed Detection and Response, and Kaspersky Incident Response.