Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows

Nearly six in 10 security operations center (SOC) analysts spend most of their time handling ransomware and supply chain attacks that often result in a full-on ransomware attack, Cybereason said in a new study.

Four Focus Areas for SOCs

As a result, SOC modernization plans now focus on four areas, all impacted by ransomware:

  • 38% plan to deploy new detection capabilities with better detection efficacy.
  • 31% need better visibility into the full attack story.
  • 31% are looking for ways to augment staffing and contract for managed services.
  • 29% said ransomware has increased their need for better automation and faster response.

In a new Cybereason survey, roughly half (49%) of 1,203 security professionals from eight countries and 12 industries said ransomware is the most common incident type they deal with daily, followed closely by supply chain attacks (46%). Some 37% said daily alerts consumed most of their time, and 31% identified targeted attacks as a top daily concern.

Commenting on the findings, Lior Div, Cybereason chief executive and co-founder, said:

“In a post COVID world, the modern SOC needs to be a decentralized, capabilities-based organization that leverages industry-leading detection, prevention, visibility, and automation technologies, all of which are often augmented by managed services.”

A Deeper Dive into the Study

Here are some additional findings from the research:

On resolving an incident:

  • 57% of respondents say resolving an incident takes 3-6 hours from discovery.
  • 59% of respondents said it takes their company two hours to one day to resolve a ransomware incident.
  • 19% said resolving a ransomware incident takes 3-7 days.
  • 88% of respondents said they have missed a holiday or a weekend because of a ransomware attack.

On alerts:

  • 34% of companies report receiving between 10,000 and 15,000 security alerts per day.
  • 14% of respondents said up to 30% of alerts are processed on the same day.

On how ransomware has influenced SOC skills:

  • 31% said the threat of ransomware has exposed their need for better insight and visibility into the full attack story.
  • 38% cited new detection capabilities that have better detection efficacy.
  • 31% need more staff and contracts for services.
  • 29% need more automation for faster response.

On industries that need better insight into attack story:

  • 57% travel & transport.
  • 39% retail, catering & leisure.
  • 36% finance.

On response time:

  • 29% said ransomware has increased their need for automation and faster response times.