LogRhythm’s global study revealed security teams’ stress levels surge due to lack of proper tools and executive support, impeding their ability to tackle threats.
LogRhythm, a company powering today’s security operations centers (SOCs), has announced the release of its report, The State of the Security Team: Are Executives the Problem? The surprising primary findings revealed that 93% of security professionals lack the tools to detect known security threats, and 92% state they are still in need of the appropriate preventative solutions to close current security gaps.
Based on a global survey of more than 300 security professionals and executives to understand the root causes of the stress under which security teams operate, obtain feedback on the ways in which it could be alleviated and the best paths to remediation. It found 75% of security professionals now experience more work stress than just two years ago.
“Now, more than ever, security teams are being expected to do more with less leading to increasing stress levels. With more organizations operating under remote work conditions, the attack surface has broadened, making security at scale a critical concern,” said James Carder, CSO and VP of LogRhythm Labs. “This is a call to action for executives to prioritize alleviating the stress and better support their teams with proper tools, processes and strategic guidance.”
When asked what causes the most work-related stress, the two most selected answers were not having enough time (41%) and working with executives (18%). In fact, 57% of respondents indicated their security program lacks proper executive support – defined as providing strategic vision, buy-in and budget.
Furthermore, security professionals cited inadequate executive accountability for strategic security decision as the top reason (42%) they want to leave their job. An alarming statistic, given nearly half of companies (47%) are trying to fill three or more security positions.
“As businesses across the world accelerate digital adoption to ensure operations continue to run seamlessly following the onset of COVID-19, the pressure on cybersecurity teams to perform are even higher than before. However, the outstanding challenge with the shortage of cybersecurity talents, where Asia Pacific faces a huge 2.6 million shortfall, means that there is an urgent need to help relieve the pressure from security professionals, in order for them to be more efficient and effective in their job,” said Joanne Wong, VP for International Markets, LogRhythm. “In addition to expanding the security team size, implementing smarter detection-focused tools could significantly help security professionals to better analyze network traffic and user behavioral data and speed up threat detection and remediation.”
Deployment of redundant security tools points to value of tool consolidation
Sixty-eight percent of respondents admitted their organization has deployed redundant security tools, and 56% confess this overlap is accidental – once again emphasizing the need for improved strategic oversight from executives. Despite duplicative tools, 58% of respondents said they still need increased funding for tools when asked what additional support their security programs require.
Consequently, the report highlights the growing value of IT consolidation. Security professionals rate the value of solution consolidation highly, citing top benefits as less maintenance (63%), faster issue detection (54%), identification (53%) and resolution (49%), as well as lower costs (46%) and improved security posture (45%). Yet, only one in three companies (32%) have a real time security dashboard which provides a clear, consolidated view of all their security solutions.
Top five ways to reduce stress among security teams
When asked what would help alleviate their stress, the top five responses included:
• 44%: Increased security budget
• 42%: Experienced security team members
• 42%: Better co-operation from other IT teams
• 41%: Supportive executive team
• 39%: Fully staffed security team
“All employees, from the CEO to the frontline IT worker, need to feel that they play a significant role in maintaining the security of the company for which they work,” said James Carder, CSO and VP LogRhythm Labs. “At LogRhythm, we are committed to empowering the SOC team and improving visibility and automation so our customers can successfully safeguard their critical assets.”
Part of the report includes: “Those in the security space have been seeing more and more reports of the heightened stress on the security operations center (SOC) and the analysts and managers who run it. It is no surprise that a whopping 75 percent of security professionals say they have more work stress now than they did just two years ago. There are many reasons that might factor into this rapid increase of pressure on the SOC team - including evolving threats, Digital Transformation, rapidly increasing data and changing environments, inadequate security solutions, and under-trained and under-skilled team members.
But what may come as a surprise are the two primary causes for this increase: 1) lack of time, and 2) executive interactions. When asked whether their security program has enough executive support - specifically, do you have enough budget, does the executive team provide a strategic vision for security, and do you feel as though you have the buy-in you need for your program - more than half the respondents said they do not feel like the support is significant.
“The explicit finding that executives are part of the problem grows as more than half of security professionals state their security program suffers for a lack of executive support. In fact, executive accountability, or lack thereof, is the primary reason security professionals want to leave their current job. When asked what would help alleviate their stress, executive support was in the top five, with the remaining four items directly controlled by executives, such as a co-operative environment and properly skilled and staffed security teams with the needed budget.
“When asked what would help alleviate their stress, increasing the security budget was the most commonly selected answer. When later asked what this budget would go towards, 58 percent of respondents said they needed increased funding for tools, and 47 percent of respondents said they need to grow the security team. These points lead back to why executive support is so critical to a security program. Without it - and the budgetary support that goes with it - the team is unable to keep up with the burden of securing the organization’s data.”