Alert and investigation fatigue is playing a role in employee burnout

Image via Unsplash

According to a Magnet Forensics survey, cybercrime is taking its toll on company employees. The survey revealed that the rapid evolution of cybercrime is weighing on security teams substantially more than it did last year, leading to widespread burnout and potential regulatory risk.

The annual survey polled 492 digital forensics and incident response (DFIR) decision makers and practitioners who are predominately located in North America, Europe, the Middle East and Africa. Its respondents described the current cybercrime landscape as one that is evolving beyond ransomware and taking a toll on their ability to investigate.

More than 40% of respondents described the evolution of cyberattack techniques as a “large” or “extreme” problem impacting their investigations. This represents a 50% increase from the 2022 report.

Business email compromise is on the rise and is now occurring more frequently than ransomware, the most common security threat in last year’s report. The highest number of respondents — 14% — said they encounter it “very frequently.”

Business email compromise attacks are the most likely to require third-party resources to assist with the investigation, according to 50% of respondents. According to the report, it’s taking security teams too long to get to the root cause of these evolving attacks. More than 43% said it takes them between one week and over a month. About one in three respondents said that identifying the root cause requires either a “complete overhaul” or “major improvements.”

With cybercriminals intensifying their efforts, DFIR teams now find themselves investigating waves of incidents that are growing in volume and complexity. According to 45% of respondents, the surge in investigations and the data associated to them is either a “large” or “extreme” problem for their organizations. Unable to handle this data alone, nearly two-thirds look to third parties for help. Nearly one in three say that recruiting and hiring new DFIR professionals is a challenge. Each of these factors is contributing to their burnout and leading them to seek out alternate solutions like automation.

Additional survey findings include:

More than half (54%) of the respondents said they were feeling burned out in their jobs.
Alert and investigation fatigue is likely playing a role in burnout as 64% of respondents said it is a "real issue".
Today’s investigative workflows are being slowed down by a reliance on repetitive tasks and tools that aren’t interoperable. The same percentage of respondents — 37% — described both as either a “large” or “extreme” problem.
Workload may be contributing to exposing their organizations to regulatory risk. Nearly half (46%) said they just don’t have the time to understand new cybersecurity regulations.
The respondents see automation as the solution. More than 50% said automation would be “extremely valuable” or “highly valuable” for several DFIR tasks, including the remote acquisition of target endpoints and the processing of digital evidence.

For more information, please visit magnetforensics.com and download the full 2023 State of Enterprise DFIR report.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.