Security operations center (SOC) performance is getting worse, and the human element continues to battle stress, causing employees to search for new jobs in higher numbers, according to a study from Devo Technology and the Ponemon Institute.
SOCs are an integral part of security in large organizations, but working in one is extremely stressful, and the job has one of the industry's highest turnover rates. There is also the problem that the return on investment (ROI) is difficult to quantify for SOC operations.
The same problem follows SOCs from one year to the next. Besides the stress many employees experience in these positions, companies have always been reluctant to invest as much as they should. The good news is that organizations continue to see the SOC as necessary, with 72% of respondents categorizing it as "essential" or "very important," a 5% year-over-year increase.
The turnover in SOC positions remained pretty much the same as in 2019, with 60% of SOC team members still considering changing careers or leaving their jobs due to stress.
One way to alleviate this problem is with further investments, and there's good news on this front. According to the survey, the average annual cybersecurity budget for organizations rose $6 million to $31 million, with the SOC representing more than a third of that total.
Stress factors and other issues that plague the proper functioning of the SOC include a lack of visibility into the IT infrastructure (70%), turf or silo issues between IT and the SOC (64%), lack of automation (71%), manual cycling of alerts (47%) and malware protection and defense (50%).
As usual, the most significant factors that drive stress in SOCs include information overload (67%, up from 62%), burnout from increased workloads (75%, up from 73%) and "complexity and chaos" in the SOC (53%, up from 49%).
Finally, 50% of respondents say the skills shortage remains a problem. Moreover, 40% of respondents say they have too many tools; in contrast, more than half don't have all the necessary data or the ability to capture actionable intelligence. Unfortunately, this usually translates into a long mean time to response (MTTR), with 39% saying their average time to resolve an incident is "months or even years."
The survey covered 585 IT and IT security practitioners in organizations that have a SOC and are knowledgeable about their organizations' cybersecurity practices.