Security Analysts: We know you're overworked, understaffed, and we understand it's not your fault. It is humanly impossible to keep up with the ever-expanding threat landscape, especially considering how busy you are with daily execution tasks in your security operations center (SOC). We want you to know that you are not alone.
The gap in cyber security skills is getting worse
According to research carried out by the Enterprise Strategy Group, almost 51% of organizations reported a “lack of skill” in cybersecurity. Cybersecurity work fatigue is real and, according to the ESG, almost 38% of security professionals said that skills shortages led to exhaustion and staff strain. If you are waiting for your job to magically become easier, you must rethink, as the situation is only getting worse.
Of course, cyber security skills shortages and an ever-expanding threat landscape are valid excuses, but they will not pay the bills when & #8211; and do not & #8211; a data breach occurs. The Ponemon Institute found that the average total cost of a data breach rose from US $ 3.62 to US $ 3.86 million in 2018, an increase of 6.4% from 2017.
Shorter waiting times mean lower costs.
Also sAccording to Ponemon, organizations that identified a breach in less than 100 days saved over 1 million U$ compared to those that exceeded 100 days. Similarly, organizations that managed to contain a breach in less than 30 days saved more than 1 million U$ compared to organizations that took more than 30 days to resolve.
Simple, right? Identify the violation quickly and contain it to save your organization money. However, doing this when you receive more than 1 million daily security alerts is a daunting task even for the best analysts. For those of you who are not security analysts, imagine having to sort and filter out a million emails in your inbox every day to find out which actions require and which junk.
As a result, 30% of respondents in an Imperva survey admitted to having ignored certain alert categories, while 4% completely disabled alert notifications. In addition, 56% admitted to ignoring a warning based on past experiences dealing with false positives.
Why Should You Adopt Intelligence in Security Operations Center?
So how do you combat this fatigue in cyber security work? Your best bet is to partner with artificial intelligence (AI) to force your team's efforts at the security operations center to multiply. Here's how to do it:
- Automate incident analysis.
- Do not waste human capital on routine analysis. Instead, let AI automate your repetitive SOC tasks while your team focuses on mission-critical decisions, such as suspicious behavior from insider threats.
- Increase human intelligence.
- Update your SOC using AI to automatically find commonalities between incidents using cognitive reasoning to provide actionable feedback with context for your analysts.
- Respond quickly to threats.
- Reduce wait times with automated indicator search and add pertinent information to perform escalation and / or block escalations.
* Umberto Rosti is Chairman of Safeway.
Safeway can help you implement a smart SOC. Contact us and we will detail this service.