Security alert volumes leave SOC teams highly-strung

SOC and IT security teams are suffering from high levels of stress outside of the working day, with alert overload a prime culprit, a new study from Trend Micro reveals.

The study, which polled 2,303 IT security and SOC decision makers across companies of all sizes and verticals, showed that 70% of respondents say their home lives are being emotionally impacted by their work managing IT threat alerts. 

This comes as the majority (51%) feel their team is being overwhelmed by the volume of alerts and 55% admit that they aren’t entirely confident in their ability to prioritize and respond to them. It’s no wonder that teams are spending as much as 27% of their time dealing with false positives.

Outside of work, the high volumes of alerts leave many SOC managers unable to switch off or relax, and irritable with friends and family. Within work, they cause individuals to turn off alerts (43% do so occasionally or frequently), walk away from their computer (43%), hope another team member will step in (50%), or ignore what is coming in entirely (40%).

“We’re used to cybersecurity being described in terms of people, process and technology. All too often, though, people are portrayed as a vulnerability rather than an asset, and technical defenses are prioritised over human resilience,” said Victoria Baines, cybersecurity researcher and author. 

“It’s high time we renewed our investment in our human security assets. That means looking after our colleagues and teams, and ensuring they have tools that allow them to focus on what humans do best,” said Baines.

With 74% of respondents already dealing with a breach or expecting one within the year, and the average cost per breach estimated at US$235,000, the consequences of such actions could be disastrous.

“To avoid losing their best people to burnout, organizations must look to more sophisticated threat detection and response platforms that can intelligently correlate and prioritize alerts,” said Bharat Mistry, technical director for Trend Micro. “This will not only improve overall protection but also enhance analyst productivity and job satisfaction levels.”