Security burnout: Avoidable or inevitable?
The biggest threat facing cybersecurity is not advanced attackers or evolving technology. It is the lack of people able to defend networks.
Cybersecurity experts predict that by 2021 there will be 3.5 million unfilled cybersecurity jobs. That number is up from one million in 2016. The reasons behind this global issue are complicated, but many of them stem from the overarching issue of security burnout and the difficulty new individuals face in entering the cybersecurity workforce to reduce the overall workload.
Security burnout has plagued the cybersecurity community for decades and is becoming a more severe problem with each passing year. This is due in part to the overwhelming volume of security events delivered to security analysts for triage and prioritization. Security burnout caused one friend to leave his job and take several months off before re-entering the workforce.
According to ESG, 63 percent of organizations say the cybersecurity skills shortage has led to increased workloads on existing staff. It comes as no surprise that overworking staff results in an overwhelmed cybersecurity team, high burnout rates and human error.
The skills shortage could be a reflection of how manually intensive and complex the threat detection and response process is, and of how this vigorous, time-consuming process keeps most Tier-1 analysts from being effective threat hunters, a task that normally requires more skilled and even less available security researchers. Even more daunting is that the job of detecting threats is never really done, and manual investigation of security events consumes hours of an analyst’s day.
In the end, many security analysts feel as though they haven’t contributed to the overall cybersecurity posture of their organization, and thus begins the burnout. Before AI, the only way to effectively tackle security burnout was to bring in more people.
Although there is no magic bullet to resolve this issue, artificial intelligence is playing a key role in reducing the workload of threat hunting by automating the dreary, mind-numbing tasks of threat detection, triage, scoring and prioritization that Tier-1 analysts must perform today.
AI augments cybersecurity work by automating the mundane, tedious tasks that are typically performed by the Tier-1 analysts, enabling them to be effective threat hunters.
For example, without AI, a security alert raises dozens of questions that the analyst must answer to verify if the alert is legitimate and determine its priority. Often this requires the assistance of more experienced Tier-2 and Tier-3 analysts.
However, AI will automate the triage of an individual security event to determine if it is an attacker behavior, and correlate it with other behaviors that may be affecting the same devices. AI can automate the scoring of the attacker behaviors and prioritize them based on risk or threat level. As a result, the manual work is eliminated and the analyst is presented with the right context to take action with confidence.
While AI is an advanced technology, it should be easy for anyone to use. AI enables Tier-1 analysts to become threat hunters, allowing them to fine-tune their skills and become better at their current and future jobs.
AI empowers analysts with an advantage in the fight against attackers because it accelerates the speed of response so they can address more threats in a day with less manual work.
AI alone will not prevent security burnout. Analysts need to be given the opportunity to discover what skills best suit them through cross-training opportunities in the various roles of cybersecurity.
AI is the inevitable next phase in cybersecurity. What is avoidable, however, is security burnout. By implementing key business and professional-growth programs, and augmenting the work of security analysts with AI, organizations can greatly reduce their own security burnout rate and play a role in developing the security analysts of the future.
Chris Morales is Head of Security Analytics at Vectra Networks, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.