For those working in information security, such as in a security operations center (SOC), the repetitive nature of the work also has the potential to cause burnout, which is harmful not only to them but also to the organization they work for.
Security work can also lead to overload.
Essentially, the job involves looking for anomalies in incoming data, day in and day out. When an anomaly is detected, the routine changes a bit: there are incidents to investigate, data to collect, and risk and damage assessments to make. Yet major cyber incidents are not uncommon even in companies with advanced solutions protecting their servers, workstations, and entire information infrastructure.
In a recent study conducted by Enterprise Strategy Group (ESG) and commissioned by security firm Kaspersky, 70% of organizations admitted they are struggling to keep up with the volume of security alerts.
According to the ESG research, beyond the sheer number of alerts, the variety of alerts is a further challenge for 67% of organizations. This situation makes it difficult for SOC analysts to focus on more important and complex tasks. Of the companies whose cybersecurity teams are overloaded with urgent security alerts and issues, 34% said they do not have enough time to improve their strategies and processes.
“Our experts predict that cyber threat intelligence and threat hunting will be a key component of any SOC strategy. But the current landscape, where SOC analysts are spending their time, skills, and energy on handling poor quality IoCs and fighting unnecessary alerts instead of hunting for complex, hard-to-detect threats in the infrastructure, is not only an ineffective approach but also leads to inevitable burnout,” said Yeo Siang Tiong, General Manager, Kaspersky Southeast Asia.
To streamline the work of a SOC and avoid alert fatigue, Kaspersky shares some prevention methods as follows:
- Arrange shifts within the SOC team to avoid overworking staff. Ensure that every key function, such as monitoring, investigation, IT engineering and architecture governance, and overall SOC management, is assigned to specific people.
- Measures such as internal transfers and rotations, as well as automating routine operations and hiring external data monitoring experts, can help address staff overload.
- Using a proven threat intelligence service allows machine-readable intelligence to be integrated into existing security controls, such as a SIEM system, to automate the initial processing of alerts and supply enough context to decide whether an alert should be investigated immediately.
- To help free up the SOC from routine alert handling tasks, a proven managed detection and response service can be used, such as Kaspersky Extended Detection and Response (XDR), a multi-layered security technology that helps protect IT infrastructure.
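The third recommendation above, machine-readable threat intelligence feeding a SIEM so that initial alert processing is automated and only well-founded alerts reach an analyst, looks roughly like the following. This is an added illustration, not Kaspersky's or ESG's code: the feed fields (confidence, last-seen date, source), the indicator values, the alerts and the thresholds are all constructed assumptions.

```python
from collections import Counter
from datetime import date

# Constructed threat intelligence feed (not a real vendor's): each indicator
# carries a confidence score, the date it was last seen active, and a source.
TI_FEED = {
    "203.0.113.7":   {"confidence": 90, "last_seen": "2024-05-01", "source": "feed-a"},
    "198.51.100.22": {"confidence": 30, "last_seen": "2024-04-20", "source": "feed-b"},
    "evil.example":  {"confidence": 85, "last_seen": "2021-11-02", "source": "feed-a"},
}
MIN_CONFIDENCE = 60  # weaker IoCs should not page an analyst on their own
MAX_AGE_DAYS = 180   # indicators not seen for longer are treated as stale
TODAY = date(2024, 5, 10)  # fixed so the example is deterministic

def ioc_context(indicator, feed=TI_FEED, today=TODAY):
    """Look an indicator up in the feed and attach a quality verdict (or None)."""
    rec = feed.get(indicator)
    if rec is None:
        return None
    age = (today - date.fromisoformat(rec["last_seen"])).days
    return {"indicator": indicator, "age_days": age, **rec,
            "stale": age > MAX_AGE_DAYS, "weak": rec["confidence"] < MIN_CONFIDENCE}

def triage(alert, feed=TI_FEED, today=TODAY):
    """Enrich one normalised SIEM alert with TI context and decide its handling:
    'investigate' (a fresh, high-confidence match), 'deprioritize' (only stale or
    weak matches, the poor-quality-IoC case), 'review' (no TI match; batch it)."""
    matches = [m for m in (ioc_context(i, feed, today) for i in alert["indicators"]) if m]
    if not matches:
        decision = "review"
    elif any(not m["stale"] and not m["weak"] for m in matches):
        decision = "investigate"
    else:
        decision = "deprioritize"
    return {"alert_id": alert["id"], "decision": decision, "context": matches}

def triage_batch(alerts, feed=TI_FEED, today=TODAY):
    """Triage a batch; the per-decision counts show how much of the queue still
    needs a human, the number a SOC lead tracks when fighting alert fatigue."""
    results = [triage(a, feed, today) for a in alerts]
    return results, Counter(r["decision"] for r in results)

# Constructed sample alerts as a SIEM might emit them after normalisation.
SAMPLE_ALERTS = [
    {"id": "A-1", "indicators": ["203.0.113.7"]},               # fresh, high confidence
    {"id": "A-2", "indicators": ["198.51.100.22"]},             # confidence below threshold
    {"id": "A-3", "indicators": ["evil.example", "10.0.0.5"]},  # stale IoC plus unknown host
    {"id": "A-4", "indicators": ["192.0.2.44"]},                # nothing known about it
]
```

Running `triage_batch(SAMPLE_ALERTS)` sends only A-1 straight to an analyst; A-2 and A-3 are held back because their only matches are weak or stale indicators, and A-4 waits in the review queue for lack of context.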