The volume and sophistication of cybercrime is taking a toll on security teams, leading to widespread burnout and potential regulatory risk.
The reality comes via a new study by Magnet Forensics, a developer of forensics solutions, in its newly released 2023 State of Enterprise DFIR (Digital Forensics and Incident Response) report for 2023.
Magnet, which sells its platform to 4,000 enterprises and public safety organizations in more than 100 countries, surveyed nearly 500 DFIR decision makers and security experts. Researchers found that the cybersecurity industry is suffering from a shortage of talent to address cyber issues, prompting “unprecedented burnout.”
Respondents described the current cybercrime landscape as one that is evolving beyond ransomware and impeding their ability to investigate. Nearly one in three said that recruiting and hiring new DFIR professionals is a challenge.
“Digital forensics and incident response teams have proven to be indispensable to combat cyber criminals but the complexity and volume of attacks and the dearth of talent available to address them is leading to unprecedented burnout,” said Adam Belsher, Magnet chief executive.
A Closer Look at the Survey
The survey respondents described the cyber landscape this way:
- More than 40% of respondents described the evolution of cyberattack techniques as a “large” or “extreme” problem impacting their investigations. This represents a 50% increase from last year’s report.
- Business email compromise is on the rise and is now occurring more frequently than ransomware, which was the most common security threat in last year’s report. Some 14% of respondents said they encounter it “very frequently.”
- Business email compromise attacks are the most likely to require third-party resources to assist with the investigation, according to 50% of respondents.
- It’s taking security teams too long to get to the root cause of these evolving attacks. More than 43% said it takes them between one week and more than a month. About one in three respondents said that identifying the root cause requires either a “complete overhaul” or “major improvements.”
Here are some additional findings from the study:
- 54% of the respondents said they were feeling burned out in their jobs.
- Alert and investigation fatigue is likely playing a role in burnout as 64% of respondents said it is a “real issue.”
- Today’s investigative workflows are being slowed down by a reliance on repetitive tasks and tools that aren’t interoperable. 37% of respondents described both as either a “large” or “extreme” problem.
- Workload may be contributing to exposing their organizations to regulatory risk, as 46% said they just don’t have the time to understand new cybersecurity regulations.
- More than 50% said automation would be “extremely valuable” or “highly valuable” for several DFIR tasks, including the remote acquisition of target endpoints and the processing of digital evidence.