Complexity, volume of cyber attacks lead to burnout in security teams

The rapid evolution of cybercrime is weighing on security teams substantially more than it did last year, leading to widespread burnout and potential regulatory risk, according to Magnet Forensics.

“Digital forensics and incident response teams have proven to be indispensable to combat cybercriminals but the complexity and volume of attacks and the dearth of talent available to address them is leading to unprecedented burnout,” said Adam Belsher, CEO of Magnet Forensics.

The annual Magnet Forensics survey polled 492 digital forensics and incident response (DFIR) decision-makers and practitioners predominately located in North America, Europe, the Middle East and Africa. Its respondents described the current cybercrime landscape as evolving beyond ransomware and taking a toll on their investigation ability.

Growing incident waves overwhelm DFIR teams

• 40% of respondents described the evolution of cyberattack techniques as a “large” or “extreme” problem impacting their investigations. This represents a 50% increase from the 2022 State of Enterprise DFIR report.
• Business email compromise is on the rise and is now occurring more frequently than ransomware, the most common security threat in last year’s report. The highest number of respondents — 14% — said they encounter it “very frequently.”
• Business email compromise attacks are the most likely to require third-party resources to assist with the investigation, according to 50% of respondents.
• It’s taking security teams too long to get to the root cause of these evolving attacks. 43% said it takes them between one week and more than a month. About 1 in 3 respondents said that identifying the root cause requires either a “complete overhaul” or “major improvements.”

With cybercriminals intensifying their efforts, DFIR teams now find themselves investigating waves of incidents that are growing in volume and complexity.

According to 45% of respondents, the surge in investigations and the data associated to them is either a “large” or “extreme” problem for their organizations. Unable to handle this data alone, nearly two-thirds look to third parties for help.

A global talent shortage, one that’s left more than 755,000 unfilled cyber jobs in the U.S. alone, isn’t helping matters, according to the respondents. Nearly 1 in 3 say that recruiting and hiring new DFIR professionals for a security team is a challenge. Each of these factors is contributing to their burnout and leading them to seek out alternate solutions like automation.

Alert and investigation fatigue is likely playing a role in burnout

• 54% of the respondents said they were feeling burned out in their jobs.
• Alert and investigation fatigue is likely playing a role in burnout as 64% of respondents said it is a “real issue.”
• Today’s investigative workflows are being slowed down by a reliance on repetitive tasks and tools that aren’t interoperable. The same percentage of respondents — 37% — described both as either a “large” or “extreme” problem.
• Their workload may be contributing to exposing their organizations to regulatory risk. 46% said they just don’t have the time to understand new cybersecurity regulations.
• The respondents see automation as the solution. 50% said automation would be “extremely valuable” or “highly valuable” for several DFIR tasks, including the remote acquisition of target endpoints and the processing of digital evidence.