Overall cybersecurity posture has remained strong throughout the shift to remote work due to greater investments in security automation technologies and reliance on managed security service providers, potentially paving the way for many security operations centers to become permanently remote, Siemplify explained in a new report.
SecOps is a highly collaborative function, with security analysts working closely in physical SOCs to address tens of thousands of alerts and security incidents daily, hunt for threats and problem-solve responses.
The unexpected shift to remote workforces means that these professionals have been tasked with the challenge of securing more complex and dispersed, cloud-based environments at the same time that they themselves are working from home and have lost the benefits of collaborating with their colleagues in a centralized SOC.
Key Findings from The State of Remote Security Operations report:
SOCs will forever change
The physical SOC will most likely never return to its glory days, as virtual or hybrid SOCs offer more flexibility in recruiting hard-to-find cybersecurity talent and result in more satisfied security analysts. More than a quarter (26%) of respondents say it will be 12 months or longer before SecOps teams transition back to on-premises work, or that their SecOps teams do not intend to ever go back on-premises. Only 30% of respondents said their morale had been reduced, while the rest reported that their morale had not changed (31%) or had improved (39%).
Challenges are mounting as alerts increase
Forty-two percent report that their alert volume is higher now than it was prior to the pandemic. Respondents also report that their jobs have become more difficult since going remote. Fifty-one percent say investigating suspicious activities is more challenging in a remote environment, 47% say collaborating with their peers is more difficult, and 39% say problem solving and alert handling are more challenging from home.
Insecure home networks and cloud adoption are the biggest threats
When asked to identify the top security risks facing their organization since transitioning to remote work, respondents named their employees’ insecure home networks as the top threat, followed by increased cloud adoption at a close second. Additionally, 57% report seeing more phishing threats since the shift to remote work.
Investments in automation and managed services are increasing
To cope with the challenges of remote work, SecOps teams are turning to security automation technologies and the help of MSSPs. More than three-fourths (76%) of respondents say the COVID-19 pandemic has played a role in their actions to increase SecOps automation or is expected to in the near future. Thirty-seven percent have prepared new automated playbooks to respond to emerging, remote-specific threats, and 52% say their use of an MSSP has increased.
Security postures remain strong
Even as SecOps has become more complex in today’s remote landscape and alerts have increased, security professionals have managed to keep their organizations well protected. Almost half (47%) say their security posture is mostly the same as before the pandemic and 27% say their security posture has actually improved. Just 26% of respondents say their security posture is worse than it was before the pandemic. Additionally, one-third of respondents are planning to or have already enhanced benefits to help retain SecOps staff.