
Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows


Nearly six in 10 security operations center (SOC) analysts spend most of their time handling ransomware and supply chain attacks that often result in a full-on ransomware attack, Cybereason said in a new study.

Four Focus Areas for SOCs

As a result, SOC modernization plans now focus on four areas, all impacted by ransomware:

  • 38% plan to deploy new detection capabilities with better detection efficacy.
  • 31% need better visibility into the full attack story.
  • 31% are looking for ways to augment staffing and contract for managed services.
  • 29% said ransomware has increased their need for better automation and faster response.

In a new Cybereason survey, roughly half (49%) of 1,203 security professionals from eight countries and 12 industries said ransomware is the most common incident type they deal with daily, followed closely by supply chain attacks (46%). Some 37% said daily alerts consumed most of their time, and 31% identified targeted attacks as a top daily concern.

Commenting on the findings, Lior Div, Cybereason chief executive and co-founder, said:

“In a post-COVID world, the modern SOC needs to be a decentralized, capabilities-based organization that leverages industry-leading detection, prevention, visibility, and automation technologies, all of which are often augmented by managed services.”

A Deeper Dive into the Study

Here are some additional findings from the research:

On resolving an incident:

  • 57% of respondents say resolving an incident takes 3-6 hours from discovery.
  • 59% of respondents said it takes their company two hours to one day to resolve a ransomware incident.
  • 19% said resolving a ransomware incident takes 3-7 days.
  • 88% of respondents said they have missed a holiday or a weekend because of a ransomware attack.

On alerts:

  • 34% of companies report receiving between 10,000 and 15,000 security alerts per day.
  • 14% of respondents said up to 30% of alerts are processed on the same day.

On how ransomware has influenced SOC skills:

  • 31% said the threat of ransomware has exposed their need for better insight and visibility into the full attack story.
  • 38% said they need new detection capabilities that have better detection efficacy.
  • 31% need more staff and contracts for services.
  • 29% need more automation for faster response.

On industries that need better insight into attack story:

  • 57% travel & transport.
  • 39% retail, catering & leisure.
  • 36% finance.

On response time:

  • 29% said ransomware has increased their need for automation and faster response times.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.