To say that we are in the midst of a difficult period for CIOs and CISOs would be a little bit like saying the Grand Canyon is a hole in the ground—a dramatic understatement, to say the least. In truth, cybersecurity decision makers are dealing with unprecedented challenges. Large scale data breaches continue to pile up, leaving those organizations that haven’t experienced a major hack to wonder when—not if—they will be victimized.
To make matters worse the pool of information security experts is not growing nearly fast enough to keep up with demand for these professionals, creating a massive talent deficit. On this blog, we have discussed the fact that between the thousands of alerts organizations are handling each day and the skills shortage, staffing up in the SOC, by itself, is no longer a viable cybersecurity strategy. To make up for the fact that hiring new analysts is not a cure-all, SOCs must automate some of their high-volume, low complexity tasks.
But what about retaining the security experts already on staff, the ones who know the organization’s processes and procedures like the backs of their hands? Automated security operations can be helpful in this regard as well. Put simply, most security analysts got into information security to hunt for potential threats and develop creative ways to mitigate them. They did not enter the industry to work for hours every day on repetitive tasks like:
- Alert classification
- False positive identification
- Ticket generation
- Email notification
- Report generation
A recent Damballa study found that organizations are wasting an average of 395 hours each week chasing false negative/positive alerts. Spending that amount of time on these repetitive tasks will eventually hurt morale, as analysts begin to feel their positions are monotonous and no longer allow them to be creative. Low morale leads to employee turnover, which considering the aforementioned talent shortage—not to mention the costs associated with the onboarding process—quickly become a major headache.
Automated security operations, however, can remove the burdensome repetitive tasks from engineers’ shoulders and allow them to focus more on more intriguing and organizationally beneficial tasks like creating new processes and training junior team members. And an engaged employee is one more likely to stay with an organization for the long term.