Nearly six in 10 security operations center (SOC) analysts spend most of their time handling ransomware and supply chain attacks that often result in a full-on ransomware attack, Cybereason said in a new study.
Four Focus Areas for SOCs
As a result, SOC modernization plans now focus on four areas, all impacted by ransomware:
- 38% plan to deploy new detection capabilities with better detection efficacy.
- 31% need better visibility into the full attack story.
- 31% are looking for ways to augment staffing and contract for managed services.
- 29% said ransomware has increased their need for better automation and faster response.
In a new Cybereason survey, roughly half (49%) of 1,203 security professionals from eight countries and 12 industries said ransomware is the most common incident type they deal with daily, followed closely by supply chain attacks (46%). Some 37% said daily alerts consumed most of their time, and 31% identified targeted attacks as a top daily concern.
Commenting on the findings, Lior Div, Cybereason chief executive and co-founder, said:
“In a post-COVID world, the modern SOC needs to be a decentralized, capabilities-based organization that leverages industry-leading detection, prevention, visibility, and automation technologies, all of which are often augmented by managed services.”
A Deeper Dive into the Study
Here are some additional findings from the research:
On resolving an incident:
- 57% of respondents say resolving an incident takes 3-6 hours from discovery.
- 59% of respondents said it takes their company two hours to one day to resolve a ransomware incident.
- 19% said resolving a ransomware incident takes 3-7 days.
- 88% of respondents said they have missed a holiday or a weekend because of a ransomware attack.
On alerts:
- 34% of companies report receiving between 10,000 and 15,000 security alerts per day.
- 14% of respondents said up to 30% of alerts are processed on the same day.
On how ransomware has influenced SOC skills:
- 31% said the threat of ransomware has exposed their need for better insight and visibility into the full attack story.
- 38% said they need new detection capabilities that have better detection efficacy.
- 31% need more staff and contracts for services.
- 29% need more automation for faster response.
On industries that need better insight into the attack story:
- 57% travel & transport.
- 39% retail, catering & leisure.
- 36% finance.
On response time:
- 29% said ransomware has increased their need for automation and faster response times.