There is a significant disconnect between security operations center (SOC) leaders and staff, which is reducing the effectiveness of these teams, according to a new report by Devo Technologies.
The study used insights from over 1000 cybersecurity professionals; 535 leaders (senior executives, vice president, director or manager) and 485 staff/practitioner level (supervisor, technician staff or contractor). Almost 60% of SOC workers gave low grades to their leaders for how well they communicate the SOC strategy to them, with 13% rating their bosses a two or lower on a 10-point scale. Additionally, more than 40% of these respondents said that lack of leadership or executive-level support was a major barrier to success.
This disconnect was highlighted by a significant variation in perceptions of how well SOCs are working between leaders and staff. For example, half of leaders rated their SOC as ‘highly effective’ compared to less than 40% of staff. In addition, over half (51%) of leaders said their SOC effectively mitigates risks after they are identified versus just 35% of staff.
Another worrying finding was that 45% of staff and 37% of leaders did not believe SOC objectives were aligned with business needs.
The report also showed that 72% of all respondents rated the ‘pain’ of their SOC analysts at seven or above on a 10-point scale. The biggest pain points highlighted were burnout (71%), information overload (70%), lack of visibility into the attack surface (67%) and being on call 24/7/365 (63%). Close to two-thirds (63%) of respondents added that on-the-job pain in the SOC has caused them to consider changing careers or leaving their jobs.
The main barriers to successfully operating the SOC were ranked as lack of visibility into the IT security infrastructure (70% of leaders and 58% of staff), silo issues between the organization’s IT security operations and the SOC (64% of leaders and 58% of staff) and lack of available analyst talent (53% of leaders and 51% of staff).
Gunter Ollmann, CSO of Devo, commented: “The growing perception gap over SOC efficiency between operational leaders and practitioners should be seen as a warning sign of simmering frustrations that can have implications on SOC efficacy and analyst retention.”
“Whether complacency or still navigating new modes of work and staffing in the past year, organizations can’t afford to stall in advancing their defenses against what is a growing onslaught of attacks. It would seem that, while they weathered a storm in the past few years, organizations need a leadership and resource ‘booster shot’ to keep building a better defense for what comes next.”