The overall cybersecurity posture has remained strong due to greater investments in security automation technologies and reliance on managed security service providers (MSSPs), potentially paving the way for many security operations centers (SOCs) to become permanently remote, according to Siemplify’s study, titled The State of Remote Security Operations. The report, based on a recent survey of nearly 400 security operations (SecOps) professionals, studies how the sudden shift to remote work during the COVID-19 pandemic has affected SecOps analysts’ ability to perform their jobs and the impact on overall security postures.
SecOps is a highly collaborative function, with security analysts working closely in physical SOCs to address tens of thousands of alerts and security incidents daily, hunt for threats and problem-solve responses. The unexpected shift to remote workforces means that these professionals have been tasked with the challenge of securing more complex and dispersed, cloud-based environments at the same time that they themselves are working from home and have lost the benefits of collaborating with their colleagues in a centralized SOC.
“With threats growing in frequency and sophistication, and with the added challenges of performing SecOps from home, I think many people expected organizations’ cybersecurity postures to take a hit during the pandemic,” said Nimmy Reichenberg, CMO and head of strategy of Siemplify. “But our research showed just the opposite – 74% of respondents said their cybersecurity posture has remained largely the same or has even improved. There may have been initial struggles, but this clearly shows that the industry has risen to the occasion, pivoting quickly to help organizations ensure business continuity while staying protected during these challenging times.”
Key findings from the study include:
- SOCs will forever change: The physical SOC will most likely never return to its glory days, as virtual or hybrid SOCs offer more flexibility in recruiting hard-to-find cybersecurity talent and result in more satisfied security analysts. More than a quarter (26%) of respondents say it will be 12 months or longer before SecOps teams transition back to on-premises work, or that their SecOps teams do not intend to ever go back to on premises. Only 30% of respondents mentioned their morale had been reduced, while the rest had reported their morale has not changed (31%) or improved (39%).
- Challenges are mounting as alerts increase: 42% report that their alert volume is higher now than it was prior to the pandemic. Respondents also report that their jobs have become more difficult since going remote. 51% say investigating suspicious activities is more challenging in a remote environment, 47% say collaborating with their peers is more difficult, and 39% say problem solving and alert handling are more challenging from home.
- Insecure home networks and cloud adoption are the biggest threats: When asked to identify the top security risks facing their organization since transitioning to remote work, respondents named their employees’ insecure home networks as the top threat, followed by increased cloud adoption at a close second. Additionally, 57% report seeing more phishing threats since the shift to remote work.
- Investments in automation and managed services are increasing: To cope with the challenges of remote work, SecOps teams are turning to security automation technologies and the help of MSSPs. More than three-fourths (76%) of respondents say the COVID-19 pandemic has played a role in their actions to increase SecOps automation or is expected to in the near future. 37% have prepared new automated playbooks to respond to emerging, remote-specific threats, and 52% say their use of an MSSP has increased.
- Security postures remain strong: Even as SecOps has become more complex in today’s remote landscape and alerts have increased, security professionals have managed to keep their organizations well protected. Almost half (47%) say their security posture is mostly the same as before the pandemic and 27% say their security posture has actually improved. Just 26% of respondents say their security posture is worse than it was before the pandemic. Additionally, one-third of respondents are planning to or have already enhanced benefits to help retain SecOps staff.
“Although the SecOps profession has been flipped on its head by COVID-19, one possible silver lining is that organizations are hiring additional cybersecurity talent, enhancing their benefits and increasing investments in automation technologies in order to better support their SecOps teams,” Reichenberg said. “In an industry that is notorious for high stress and high turnover, this signals to me that teams are focusing more than ever on the right things.”