According to one survey, alert fatigue, skills atrophy, AI overdependence, hallucinations and missed threat indicators were areas needing human oversight/collaboration.
Based on an Oct to Dec 2024 survey of 2,058 security leaders* on issues involving the management of security operation centers (SOCs), a cybersecurity firm has announced some data findings.
First, 46% of respondents had cited spending more time maintaining tools than defending the organization, while 11% cited trusting AI completely for mission-critical tasks. Furthermore, 66% had cited experiencing a data breach in the past year, the most common security incident in the data set.
Second, in terms of SOC workforce challenges, 52% of respondents cited overwork; 52% cited that stress on the job has prompted them to think about leaving cybersecurity altogether; and 43% cited facing unrealistic expectations by leadership.
Other findings
Third, when polled about major barriers to effective threat detection and response, 59% cited tool maintenance as their main source of inefficiency; 78% indicated that their security tools were dispersed and disconnected; and 69% cited disconnected and dispersed tools creating moderate to significant challenges.
Fourth, factors impacting SOC effectiveness were cited by respondents: losing valuable investigation time to data management gaps (57%), having too many alerts (59%), and having to address too many false positives (55%)
Aligning SOCs for the AI era
Based on the data trends, six strategies for improving SOCs have been identified:
- Streamline, consolidate and enhance toolset effectiveness
- Hire trainable, curious talent, and equip them with rich learning resources to be future-ready
- Reduce alert fatigue and improve alert management and response efficiency
- Choose generative AI solutions that are domain-specific and keep humans in the loop
- Develop clear processes and regular drills to enhance incident response, team collaboration and cultural unity
- Make threat detection a team sport strengthened with knowledge-sharing, holistic buy-in, and a democratized approach to team collaboration
Reviewing the data trends, Michael Fanning, CISO, Splunk, the firm that commissioned the survey, said: “Organizations are increasingly leaning on AI for threat hunting and detection, and other mission-critical tasks, but we don’t see AI taking complete oversight of the SOC, for good reason. Human oversight remains central to effective cybersecurity, and AI is used to enhance human capabilities to help where it truly matters: defending the organization.”
*includingdirectors of security, vice presidents of cybersecurity, directors of security operations, and security analysts) in Australia, France, Germany, India, Japan, New Zealand, Singapore, the UK, and the US in 16 industries: business services; construction and engineering; consumer packaged goods; education; financial services; government (federal/national, state and local), healthcare; life sciences; manufacturing; technology; media; oil/gas; retail/wholesale; telecom; transportation/logistics; and utilities.
