{"id":119296,"date":"2020-09-30T15:00:38","date_gmt":"2020-09-30T22:00:38","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=119296"},"modified":"2020-09-30T12:07:21","modified_gmt":"2020-09-30T19:07:21","slug":"secops-analyst-burnout","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2020\/09\/secops-analyst-burnout\/","title":{"rendered":"The 2020 State of Security Operations: Assessing Analyst Burnout"},"content":{"rendered":"<p><i><span style=\"font-weight: 400;\">This is the second blog in our <\/span><\/i><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/tag\/stateofsecops\/\"><i><span style=\"font-weight: 400;\">State of SecOps<\/span><\/i><i><span style=\"font-weight: 400;\"> series<\/span><\/i><\/a><i><span style=\"font-weight: 400;\"> discussing critical insights from The 2020 State of Security Operations report from Forrester Consulting. In this blog, we\u2019ll take a deeper dive into the top challenges facing today\u2019s security operations center (SOC), including analyst burnout.<\/span><\/i><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">87% of today\u2019s decision makers are extremely concerned about external cyber attacks targeting their organization, according to <\/span><a href=\"http:\/\/start.paloaltonetworks.com\/forrester-2020-state-of-secops.html\"><span style=\"font-weight: 400;\">The 2020 State of Security Operations<\/span><\/a><span style=\"font-weight: 400;\"> study by Forrester Consulting. 
And they likely should be, given the study\u2019s finding that:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">79% of respondents have experienced a cyber breach within the past year, and 50% in just the last six months.<\/span><span style=\"font-weight: 400;\">\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">28% of all alerts are never addressed by analysts.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Despite the substantial resources enterprises dedicate to cybersecurity, cybercriminals are too often winning the war \u2013 proving to be relentless, and growing more sophisticated and adept at breaching an organization\u2019s data. The financial fallout of these attacks can be enormous. According to Forrester Research, the average data breach <\/span><a href=\"https:\/\/www.forrester.com\/report\/Your+Guide+To+Cyberinsurance\/-\/E-RES137808\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">costs as much as $7 million per incident<\/span><\/a><span style=\"font-weight: 400;\">. And a <\/span><a href=\"https:\/\/newsroom.accenture.com\/news\/accenture-and-ponemon-institute-report-cyber-crime-drains-11-7-million-per-business-annually-up-62-percent-in-five-years.htm\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">report from Accenture and the Ponemon Institute<\/span><\/a><span style=\"font-weight: 400;\"> revealed that cyberattacks cost businesses an average of $11.7 million each year, a 62% increase over five years. 
Security operations processes are not working \u2013 and they\u2019re burning analysts out.\u00a0\u00a0\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">Siloed Data and Manual Processes Are the Killers of SOC Productivity<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">In this study commissioned by Palo Alto Networks, Forrester Consulting found that the<\/span> <span style=\"font-weight: 400;\">average security operations team receives over <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/09\/state-of-security-operations\/\"><span style=\"font-weight: 400;\">11,000 alerts per day<\/span><\/a><span style=\"font-weight: 400;\">. The vast majority of these alerts must be manually processed, which significantly slows down a company\u2019s alert triage process. 77% of decision makers recognize <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/01\/cortex-secops-strategies\/\"><span style=\"font-weight: 400;\">the negative impact manual processes have<\/span><\/a><span style=\"font-weight: 400;\"> on their analysts\u2019 ability to mitigate and prevent attacks:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The majority of an analyst\u2019s time, almost 70%, is spent on investigating, triaging or responding to alerts.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Less than one-third of their time is focused on <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/06\/cortex-start-threat-hunting\/\"><span style=\"font-weight: 400;\">threat hunting<\/span><\/a><span style=\"font-weight: 400;\"> \u2013 where analyst expertise really makes an impact \u2013 and process improvements to increase security efficiency and effectiveness.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">SOCs Can\u2019t Keep Up\u00a0<\/span><\/h2>\n<p><span 
style=\"font-weight: 400;\">Security analysts are being asked to fight a fire with a garden hose. Only 47% of respondents say their organizations are able to tackle most or all of the security alerts they receive in a single day.<\/span> <span style=\"font-weight: 400;\">The other 53% report struggling in several ways:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">20% of alerts are manually reviewed\/triaged by an analyst.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Almost one-third of all alerts are false positives.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Perhaps most frightening, as noted at the beginning of this blog: 28% of alerts are never addressed by analysts because the volume is simply too high for them to keep up.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">SOCs were already overwhelmed by attacks before the COVID-19 crisis emerged. The <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/07\/unit-42-cybercrime-gold-rush\/\"><span style=\"font-weight: 400;\">pandemic has thrown gas on the fire<\/span><\/a><span style=\"font-weight: 400;\">, giving cybercriminals new opportunities to breach organizations. Meanwhile, SOC analysts are taking on new tasks in their struggle to support a growing mobile workforce. <\/span><span style=\"font-weight: 400;\">One <\/span><a href=\"https:\/\/thehill.com\/policy\/cybersecurity\/493198-fbi-sees-spike-in-cyber-crime-reports-during-coronavirus-pandemic\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">FBI spokesperson was quoted as saying<\/span><\/a><span style=\"font-weight: 400;\"> that cybersecurity complaints to the Bureau\u2019s Internet Crime Complaint Center have spiked by 200-300% since the pandemic began. 
<\/span><a href=\"https:\/\/www.gartner.com\/smarterwithgartner\/gartner-top-9-security-and-risk-trends-for-2020\/\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">Gartner has indicated<\/span><\/a><span style=\"font-weight: 400;\"> that responding to COVID-19 remains the biggest challenge facing most SOCs in 2020.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">Security Analysts Are Burning Out<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The increasing pressure on security analysts to protect their organizations against cyberattacks is taking its toll. They are working longer hours, taking on additional pressures and reporting higher levels of stress. According to Forrester Consulting:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">96% of analysts say they feel significant personal impact after cybersecurity breaches.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Over one-third of respondents report feeling anguish and losing sleep as a result of attacks.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">These highly skilled first responders are burning out. It\u2019s becoming very personal for them, and that too poses a risk to organizations. <\/span><span style=\"font-weight: 400;\">A recent survey of over 3,000 CISOs and senior cybersecurity decision makers <\/span><span style=\"font-weight: 400;\">shows that <\/span><a href=\"https:\/\/www.zdnet.com\/article\/cybersecurity-staff-burnout-risks-leaving-organisations-vulnerable-to-cyberattacks\/\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">almost two-thirds of cybersecurity professionals have considered quitting their jobs<\/span><\/a><span style=\"font-weight: 400;\"> (64%) or leaving the industry altogether (63%). 
And 76% of cybersecurity leaders already believe there is a <\/span><a href=\"https:\/\/www.securitymagazine.com\/articles\/92312-of-cybersecurity-leaders-face-skills-shortage\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">shortage of cybersecurity skills<\/span><\/a><span style=\"font-weight: 400;\"> in their company.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The International Information System Security Certification Consortium (ISC)\u00b2 says the demand for skilled security professionals is one of the biggest challenges facing the cybersecurity industry today, with <\/span><a href=\"https:\/\/www.isc2.org\/-\/media\/ISC2\/Research\/2018-ISC2-Cybersecurity-Workforce-Study.ashx?la=en&amp;amp;hash=4E09681D0FB51698D9BA6BF13EEABFA48BD17DB0%5Ch\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">2.93 million positions open<\/span><\/a><span style=\"font-weight: 400;\"> around the world. And it\u2019s estimated that number will <\/span><a href=\"https:\/\/www.esg-global.com\/esg-issa-research-report-2018?utm_campaign=Cybersecurity%202019&amp;utm_source=slider\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">grow to an astounding 3.5 million<\/span><\/a><span style=\"font-weight: 400;\"> by 2021. With an industry deficit of skilled security analysts, and with projections for that gap continuing to widen, companies can\u2019t afford to lose the talent they already have.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">Take a New Approach to Cybersecurity\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">To get in front of cyberattackers and empower security analysts to be effective, organizations need to find ways to reduce the burdens of manual work on their analysts with more holistic and intelligent deployments of analytics and automation. 
Watch for our third blog in <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/tag\/stateofsecops\/\"><span style=\"font-weight: 400;\">this series<\/span><\/a><span style=\"font-weight: 400;\">, where we\u2019ll take a deeper dive into the impact of security complexity on business outcomes, and explore opportunities and best practices for optimizing your SOC.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To learn more, download the full Forrester Consulting report: <\/span><a href=\"https:\/\/start.paloaltonetworks.com\/forrester-2020-state-of-secops.html\"><span style=\"font-weight: 400;\">The 2020 State of Security Operations<\/span><\/a><span style=\"font-weight: 400;\">, and check out the top-line results from the report in <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/resources\/infographics\/cortex-forrester-2020.html\"><span style=\"font-weight: 400;\">an interactive infographic<\/span><\/a><span style=\"font-weight: 400;\">. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The 2020 State of Security Operations report found that security operations centers are overwhelmed with alerts. The result? 
Analyst burnout.<\/p>\n","protected":false},"author":657,"featured_media":112812,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6765,6770],"tags":[356,7218,7298,232],"coauthors":[6810],"class_list":["post-119296","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-enterprise","category-secure-the-future","tag-forrester","tag-security-operations","tag-stateofsecops","tag-trends","sec_ops_category-must-read-articles"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/06\/Hunter.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/119296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/657"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=119296"}],"version-history":[{"count":2,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/119296\/revisions"}],"predecessor-version":[{"id":119298,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/119296\/revisions\/119298"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/112812"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=119296"}],"wp:term":[{"taxonomy
":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=119296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=119296"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=119296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}