97% of cyber analysts are worried they will miss security events, with 71% admitting their organisation may have been compromised and they don’t know about it yet.
That’s according to a study by Vectra AI, which details how analysts are being overwhelmed: they receive 4,484 alerts per day on average, and 67% of those go unhandled.
This is pushing analysts out the door, with two thirds (67%) of SecOps (Security Operations) analysts considering leaving or actively leaving their jobs.
The survey of over 2,000 IT security analysts found that, over the past three years, respondents have seen significant growth in the size of their organisation’s attack surface (63%), in the number of security tools they manage (70%) and in the number of alerts they handle (66%). This is creating a “spiral of more” that threatens to overwhelm their ability to respond quickly to alerts and manage breaches, and is causing analysts to consider leaving their jobs.
What’s more, sifting through false alerts costs organisations approximately $3.3bn annually in the US alone, and uses up analysts’ time that would otherwise go to spotting and responding to potentially serious breaches. Other key findings from the research include:
- 39% say there’s so much noise, it’s only a matter of time until they miss something.
- 39% agree the security tools they work with increase their workload rather than reduce it.
- 41% agree that security vendors flood analysts with pointless alerts because they are afraid of not flagging a breach.
- The most common reason analysts gave for leaving or considering leaving their role was spending too much time sifting through poor quality alerts (39%).
- Other reasons given included constant stress (35%), burnout (34%), and feeling “mind-numbingly bored” (32%).
“As enterprises shift to hybrid and multi-cloud environments, security teams are continually faced with more – more attack surface, more attacker methods that evade defenses, more noise, more complexity, and more hybrid attacks,” said Kevin Kennedy, senior vice president of products at Vectra AI. “The current approach to threat detection is broken, and the findings of this report prove that the surplus of disparate, siloed tools has created too much detection noise for SOC analysts to successfully manage and instead fosters a noisy environment that’s ideal for attackers to invade. As an industry, we cannot continue to feed the spiral, and it’s time to hold security vendors accountable for the efficacy of their signal. The more effective the threat signal, the more cyber resilient and effective the SOC becomes.”