This last year has been a challenge for the security operations centers (SOC) They have seen how the perception of the team management was completely different from that of the professionals of the organizations. In fact, 40% of staff say that a lack of leadership and support at the executive level has become the main barrier to success, as pointed out by the latest SOC Perfomance Report by the Ponemon Institute for Devo.
The report highlights the discrepancies between the executive and the staff of the SOC teams that assess the situation of the last year in a completely different way. Thus, half of the executives evaluated their SOC as very effective while less than 40% of the personnel value it in such a way. In addition, more than half of the executives undermined their SOC’s research capacity, compared to a third of professionals who gave it a high score.
«The growing lack of perception about the efficiency of SOCs among operations managers and professionals should be seen as a warning sign of persistent frustrations, which can certainly have implications for the effectiveness of SOCs and retention of assets. own professionals », comments Gunter Ollmann, CSO of Devo, adding: “Whether it’s due to complacency or because of continuing to explore new ways of working and hiring staff in the last year, organizations can’t afford to stagnate in developing your own defenses against a growing barrage of attacks. It seems that, although they have weathered the storm in recent years, organizations need a ‘boost’ in both their leadership and their resources to continue building a better defense with an eye on everything to come. “
In addition, the reality is that staff exhaustion has not decreased, feeling more and more pressure due to information overload, which has only increased in recent times, leading half of SOC teams to mention lack of talent as a major impediment for companies and more than 60% admit to lacking visibility in the IT infrastructure. This shows once again which are the areas that require special attention and training, as well as a combination of appropriate technology.
«Companies have spent the last decades adding cybersecurity technology capabilities that increase the volume of alerts to the SOC »says Jim Routh, Board Member, Advisor, and Former CISO. «Business leaders need to spend the next decade improving their data analytics skills and infrastructure to reduce the volume of cyber alerts and make more actionable alerts through data science and automation.
Finally, the report highlights that 70% of professionals affirm that information overload is the main reason why working at the SOC makes it sometimes distressing, followed by a lack of resources (58%) and an inability to capture actionable intelligence (56%), which has led 63% of surveyed staff to consider changing jobs. career or quit your job.
