By Samantha Humphries, security strategist, Exabeam
With 71% of cyber professionals reporting increased threats since the COVID-19 pandemic started, are SOCs prepared to mitigate these threats? The Exabeam 2020 State of the SOC report revealed 40% of companies reported being understaffed, which puts additional strain on security teams and makes their jobs much more challenging.
And our latest survey reveals that this problem is being exacerbated by the challenges of working from home, budget cuts, and security team reductions. We received responses from 1,005 U.S. and U.K. cybersecurity professionals who manage and operate SOCs. Our study included CIOs (50%) and security analysts and practitioners from companies across 12 different industries. Employee size ran the gamut, although the majority (53%) had between 100-249 security professionals.
The results paint a striking picture of SOC organizations trying to manage more significant security threats with fewer resources.
Furloughs Are Commonplace Despite Increasing Threats
Unfortunately, despite the increase in cyber threats, our survey found three-quarters of organizations had to furlough members from the SOC team. About 50% had to furlough between 1-2 employees. The U.S. furloughed fewer SOC employees compared to their U.K. counterparts.
Figure 1: Seventy-five percent of organizations had to furlough SOC staff.
Soc Teams Impacted by Redundancies
Overall, 68% of companies report having laid off staff members. The majority had between 1-3 employees laid off. U.S. SOCs had fewer layoffs compared to the U.K. SOCs.
Figure 2: Almost 30% of companies laid off two staff members from their security teams.
Many Companies Are Deferring New Hires
Given the furlough and redundancy findings, it’s no surprise that 57% of the companies had to defer hiring since the start of the COVID-19 pandemic. A higher percentage of U.S. companies (71%) delayed hiring compared to the U.K. with 42% deferring.
Figure 3: Fifty-seven percent of organizations had to defer hiring.
Security Tech Investments Also on Hold
The COVID-19 pandemic has not only harmed people, but it also forced 60% of companies to defer investments in security technology, which were previously planned. The U.S. had a higher deferment rate of 68% compared to the U.K. rate of 51%.
Figure 4: Nearly sixty percent of organizations had to defer investments in security technology previously planned.
Cyberattacks Are Skyrocketing
Unfortunately, only 18% of companies overall had not seen an increase in the number of cyberattacks since the beginning of the COVID-19 pandemic. Eighty-eight percent of U.S. companies reported seeing slightly more and considerably more attacks compared to 74% of U.K. organizations.
Figure 5: Eighteen percent of organizations reported not having an increase in the number of cyberattacks since the beginning of COVID-19.
Work from Home = New Challenges for Security Teams
Remote work has presented challenges for many SOC staff members. No doubt reduced staff numbers made their jobs even more difficult. Respondents cited communications within their security team as the most significant challenge mitigating threats while working remotely, followed by communications with other IT departments. Twenty-nine percent reported difficulty investigating attacks. There was little significant variance in problems between U.S. and U.K. companies, although a higher percentage of U.S. companies 40% had more difficulty communicating with other IT teams compared to 22% in the U.K.
Figure 6: Twenty-nine percent of organizations reported difficulty investigating attacks.
Home Workers More Prone to Error
The shift to WFH has harmed many employees’ mental states and their ability to do their jobs. Some of the biggest challenges working remotely included being more prone to making mistakes due to distractions in the house — 49%, increased blurring of the line between personal and operated computers and data — 42% and learning new tools — 39%.
Figure 7: Forty-nine percent of security professionals were prone to making mistakes due to distractions in the home.
Most Companies Continue to Use/Invest in Automation Tools
With fewer SOC staff, automation tools are essential in mitigating security threats. Only 17% of companies decreased their use/investment in automation tools. Fifty-two percent reported neither increased/decreased use or investment. Only 8% of the U.S. reduced their use/investment in comparison to 26% of U.K. organizations.
Figure 8: Seventeen percent of companies decreased their use/investment in automation tools.
⅓ Of Companies Have Been Hit with A Successful Cyberattack During the Pandemic
Thirty-three percent of overall companies reported encountering a successful cyberattack since the beginning of the pandemic. There were no significant variances between U.S. and U.K. companies
Figure 9: Thirty-three percent of companies reported experiencing a successful cyberattack since the beginning of the COVID-19 pandemic.
Mitigation and Legal Costs Are the Top Consequence of Cyberattacks
Companies reported several consequences of successful cyberattacks. The most common effect was mitigation and legal costs — 44%, followed by loss of business revenue — 41% and a negative impact on brand reputation — 41%.
Figure 10: Forty-four percent of companies reported mitigation and legal costs were a consequence of successful cyberattacks.
Cyberattacks Hitting Organizations in The Wallet
Considering many organizations are seeing a financial impact due to the pandemic, the additional cost of a cyberattack could not come at a worse time. Regarding lost business revenue, our survey found in the U.S., 35% lost between $38K-63K, and 14% reached losses of $63K-95K; in the U.K., 40% lost between £30K-50K. In terms of the financial impact on a brand, in the U.K., 43% saw between £30K-50K in losses; in the U.S., 38% reported between $38K-63K in losses. Also, 7.5% in each region lost between £50K-75K or $63K-95K.
Concerning the financial impact of legal and mitigation costs, in the U.K., 33% spent between £20K-40K; in the U.S., approximately 30% spent between $38K-63K, and for 11 % the costs hit the $63K-95K range.
DOWNTIME IS PROMINENT TOO
Since the beginning of the COVID-19 pandemic, 97% of companies experienced downtime between 1-4 hours. Fortunately, only 3% reported downtime higher than four hours.
Figure 11: Only 3% percent of companies experienced downtime greater than four hours.
The findings from our survey clearly show many SOCs have to manage a much more significant number of cyber threats with a leaner staff. Exabeam is committed to helping you and your SOC get through the COVID pandemic. Here are a few resources to help:
- Webinar: SOC-from-home. Actionable Insights for Security Practitioners
- Blog Series: Securing Your Remote Workforce
- Webinar: Adapting Security Programs for an Unprecedented Future
About the Author
Samantha has 20 years of experience in cybersecurity. She has defined strategy for multiple security products and technologies, helped hundreds of organizations of all shapes, sizes, and geographies recover and learn from cyberattacks, and trained anyone who’ll listen on security concepts and solutions. She authors articles for various security publications, and is a regular speaker and volunteer at industry events, including BSides, IPExpo, CyberSecurityX, The Diana Initiative, and Blue Team Village (DEFCON).”
Samantha can be reached online at [email protected] and at https://exabeam.com
