olly - Fotolia

Security ops teams struggle to switch off at home

Spiralling stress levels among SOC and IT security teams can be attributed mainly to alert overload, says Trend Micro

Security operations centre (SOC) and IT security teams are reeling from high levels of stress and find themselves unable to switch off when the working day is done, according to a new study compiled for Trend Micro.

The poll of 2,303 IT security and SOC decision-makers spanned organisations large and small across multiple verticals, but regardless of business size or specialism, it found that once they were off the clock, 70% of respondents felt their personal lives were being emotionally impacted by their work managing threat alerts.

Many managers said the high volumes of alerts left them unable to switch off or relax, and irritable around friends and family. At work, they tended to be more likely to turn off alerts – 43% said they did so occasionally or frequently – walk away from their computers, hope a colleague steps in, or ignore the alert entirely, increasing their organisation’s risk exposure.

A total of 51% of respondents said they felt their team was being overwhelmed by alert volume, and slightly more, 55%, said they were not entirely confident in their ability to prioritise and respond to alerts – as much as a quarter of all the time on the job was spent dealing with false positives.

Commenting on Trend Micro’s findings, security expert and author Victoria Baines said: “We are used to cyber security being described in terms of people, process and technology. All too often, though, people are portrayed as a vulnerability rather than an asset, and technical defences are prioritised over human resilience.

“It is high time we renewed our investment in our human security assets. That means looking after our colleagues and teams, and ensuring they have tools that allow them to focus on what humans do best.”

Trend Micro’s Bharat Mistry added: “SOC team members play a crucial role on the cyber front line, managing and responding to threat alerts to keep their organisations safe from potentially catastrophic breaches. But as this research shows, that pressure sometimes comes at an enormous personal cost.

“To avoid losing their best people to burnout, organisations must look to more sophisticated threat detection and response platforms that can intelligently correlate and prioritise alerts. This will not only improve overall protection, but also enhance analyst productivity and job satisfaction levels.”

Stress and burn-out has become a perennial issue for security professionals, even more so during the Covid-19 pandemic, as was demonstrated by a recent survey of members of ClubCISO, a private members forum. Over 60% of those surveyed in that instance said they had experienced increased stress during the past 12 months, and many said the direct reports on their teams felt the same way.

Even now, as vaccination programmes ramp up and governments begin to chart a way forward, a number still said their security teams were experiencing “unbearable” stress, and believed this had a damaging effect on their ability to function as needed.

Read more about CISOs and IT security teams

  • Data crunched by Gartner analysts reveals the behaviours that differentiate the top-performing chief information security officers from the pack.
  • Being a paramedic and working in cyber security taught CISO Rich Mogull how to avoid stress and burnout. Check out his advice to maintain mental health in high-stress roles.

Read more on Data breach incident management and recovery