Dive Brief:
- The majority (85%) of security operations centers (SOCs) increased their spending during the pandemic, according to the CyberRes 2021 State of Security Operations report. The report is based on a survey of 520 respondents, drawn from a database of IT decision-makers, that Dynata conducted in May.
- Almost 40% of respondents intend to invest in security solutions — including unified data lakes, attack surface management and red teaming — over the next 12 months. Nearly all of the respondents, 99%, already use the cloud for IT security operations.
- In addition to investment in security technologies, 97% of respondents are looking for more talent, particularly in attack detection and analysis, the survey found.
Dive Insight:
The COVID-19 pandemic put more pressure on SOCs than they were used to. The business continuity technologies companies rolled out could themselves threaten security if deployed haphazardly.
SOCs are most successful when technology is routinely updated and the tech stack is effectively integrated, a 2020 Cisco survey found. The majority of respondents currently use security information and event management (SIEM) (71%) and log management (69%) as the foundation for their other security technologies.
The secondary technologies companies plan to acquire, including security orchestration, automation and response (SOAR), advanced threat hunting, and threat intelligence, are less widely deployed in today's technology stacks.
Despite the shift to remote work, only 52% of respondents said they currently use attack surface management in the form of endpoint detection and response (EDR), also called endpoint threat detection and response (ETDR), according to the CyberRes report.
More than one-third of respondents said they intend to acquire those solutions. But budgets that were once dedicated to EDR and SIEM may be redirected to extended detection and response (XDR) as it becomes more mainstream.
A company cannot adopt the tools it needs if it doesn't have the people to run them. A SOC made up of technology alone is incomplete.
Cyberseek estimates there are more than 460,000 open cyber-related jobs in the U.S. Some of the largest talent gaps are in cities "where cybersecurity is most needed," including Washington, Dallas and New York.
For some CISOs, the onus to attract talent is on them and the standards they set.
"There's definitely some elitism in the cybersecurity world," said Rebecca Harness, AVP and CISO of Saint Louis University, while speaking during a webcast hosted by Proofpoint Thursday. "Some of my best cybersecurity professionals in my organization are one to two years into their cybersecurity career."
Cybersecurity skills span hard and soft skills; they are not limited to coding, firewalls, risk analysis, or even computer skills. "We're setting the bar too high for entry-level positions. I think that's the biggest error in the cybersecurity hiring process," said Aaron Baillio, CISO of the University of Oklahoma, during the webcast.
SOCs would benefit most from onboarding talent skilled in attack detection and analysis, 72% of the CyberRes respondents said. Vulnerability assessment and patching, and security awareness training tied for second (62%), followed by incident response for 55% of respondents.
Still, almost 10% of companies struggle with a lack of available skills in their SOCs this year — only 3% of respondents said they don't require any more staff.
Any scarcity in skills could lead to a successful cyberattack, and security professionals know it. To compensate, SOCs are outsourcing, though even IT security managers can miss or ignore threat alerts when the queue is full. SOCs, whether internal or external, are overburdened.