For those working in information security, for example in a security operations center (SOC), the repetitive nature of the work can also lead to burnout, which harms not only the individual but also the organization they work for. Security work can likewise lead to overload.
In essence, the job is to look for anomalies in incoming data, day in and day out. When an anomaly is detected the routine changes somewhat: there are incidents to investigate, data to collect, and risk and damage assessments to make. Major cyber incidents are not uncommon even in companies with advanced solutions protecting their servers, workstations and the entire information infrastructure.
In a recent study conducted by Enterprise Strategy Group (ESG) and commissioned by security firm Kaspersky, 70% of organizations admitted that they struggle to keep up with the volume of security alerts.
Besides the volume, the variety of alerts is a challenge for 67% of organizations, according to the ESG research. This makes it hard for SOC analysts to focus on more important and complex tasks: 34% of companies whose cybersecurity teams are overwhelmed with urgent security alerts and issues said they do not have enough time to improve their strategies and processes.
“Our experts predict that cyber threat intelligence and threat hunting will be a key component of any SOC strategy. But the current landscape, where SOC analysts are spending their time, skills, and energy on handling poor quality IoCs and fighting unnecessary alerts instead of hunting for complex, hard-to-detect threats in the infrastructure, is not only an ineffective approach but also an inevitable burnout,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
To streamline a SOC's work and avoid alert fatigue, Kaspersky shares some prevention methods as follows:
- Arrange shifts within the SOC team so that staff are not overworked, and make sure every key function has an owner: monitoring, investigation, IT engineering and architecture governance, and overall SOC management.
- Internal transfers and rotations, automation of routine operations and outsourcing of data monitoring can all help to address staff overload.
- A proven threat intelligence service allows machine-readable intelligence, such as indicator feeds, to be integrated into existing security controls, for instance a SIEM, to automate the initial processing of an alert and provide enough context to decide whether it needs to be investigated immediately. Feed quality matters here: stale or low-confidence indicators add to the noise described above rather than reducing it.
- To free the SOC from routine alert handling, a proven managed detection and response service can be used, such as Kaspersky Extended Detection and Response (XDR), a multi-layered security technology that helps protect IT infrastructure.
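The threat-intelligence integration step described in the list above, as an added example written for this article (not Kaspersky's or ESG's code): a small Python triage stage that loads a machine-readable IoC feed into a lookup index, discards poor-quality indicators (stale, low-confidence, or pointing at internal addresses) before they can generate unnecessary alerts, enriches SIEM alerts with the matching indicator's confidence and tags, and decides whether each alert needs immediate investigation, can wait in an enrichment queue, or stays in the routine flow. The feed layout, alert fields, thresholds, internal network ranges and fixed clock are all assumptions; the feed entries and alerts are constructed sample data.

```python
"""Alert enrichment and triage against a machine-readable IoC feed.

Added illustration, not code from Kaspersky or ESG. Feed entries, alerts,
thresholds and the fixed clock are constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

MIN_CONFIDENCE = 40             # assumed: indicators below this are dropped
MAX_AGE = timedelta(days=180)   # assumed: indicators not seen for 180 days are stale
ESCALATE_CONFIDENCE = 80        # assumed: a hit at or above this is investigated at once
NOW = datetime(2024, 5, 5, tzinfo=timezone.utc)  # fixed clock so the run is deterministic

# Assumed internal ranges: an "indicator" inside them is useless for matching
# external threats and would only flag ordinary internal traffic.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Which SIEM alert fields can be looked up against which indicator type (assumed schema).
FIELD_TO_TYPE = {"dst_ip": "ipv4-addr", "src_ip": "ipv4-addr",
                 "domain": "domain", "sha256": "sha256"}

# Constructed feed in a simplified STIX-like shape (type, value, confidence, last_seen, tags).
IOC_FEED = [
    {"type": "ipv4-addr", "value": "203.0.113.45", "confidence": 90,
     "last_seen": "2024-05-01T10:00:00Z", "tags": ["c2"]},
    {"type": "ipv4-addr", "value": "8.8.8.8", "confidence": 70,
     "last_seen": "2022-01-01T00:00:00Z", "tags": ["scanner"]},          # stale
    {"type": "ipv4-addr", "value": "10.0.0.99", "confidence": 85,
     "last_seen": "2024-05-02T00:00:00Z", "tags": ["lateral"]},          # internal range
    {"type": "domain", "value": "cdn.example.org", "confidence": 20,
     "last_seen": "2024-05-03T00:00:00Z", "tags": ["suspicious"]},       # low confidence
    {"type": "domain", "value": "update-check.example.net", "confidence": 75,
     "last_seen": "2024-05-03T00:00:00Z", "tags": ["phishing"]},
    {"type": "sha256", "value": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
     "confidence": 95, "last_seen": "2024-05-04T00:00:00Z", "tags": ["malware"]},
]

# Constructed SIEM alerts.
ALERTS = [
    {"id": "A1", "rule": "outbound_connection", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.45"},
    {"id": "A2", "rule": "dns_query", "host": "ws-17", "domain": "update-check.example.net"},
    {"id": "A3", "rule": "outbound_connection", "src_ip": "10.0.0.6", "dst_ip": "8.8.8.8"},
    {"id": "A4", "rule": "process_start", "host": "ws-03",
     "sha256": "9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08"},
    {"id": "A5", "rule": "smb_session", "src_ip": "10.0.0.7", "dst_ip": "10.0.0.99"},
]


@dataclass(frozen=True)
class Indicator:
    type: str
    value: str
    confidence: int
    last_seen: datetime
    tags: tuple


def parse_indicator(raw):
    """Normalise one feed entry: lower-case the value, parse the timestamp."""
    return Indicator(raw["type"], raw["value"].lower(), int(raw["confidence"]),
                     datetime.fromisoformat(raw["last_seen"].replace("Z", "+00:00")),
                     tuple(raw.get("tags", [])))


def reject_reason(ind, now):
    """Return why an indicator should not be loaded, or None if it is usable."""
    if ind.confidence < MIN_CONFIDENCE:
        return "low_confidence"
    if now - ind.last_seen > MAX_AGE:
        return "stale"
    if ind.type == "ipv4-addr":
        try:
            addr = ip_address(ind.value)
        except ValueError:
            return "malformed"
        if any(addr in net for net in INTERNAL_NETS):
            return "internal_address"
    return None


def load_indicators(feed, now=NOW):
    """Build the (type, value) -> Indicator index; report rejected entries by reason."""
    index, rejected = {}, {}
    for raw in feed:
        ind = parse_indicator(raw)
        reason = reject_reason(ind, now)
        if reason:
            rejected[ind.value] = reason
        else:
            index[(ind.type, ind.value)] = ind
    return index, rejected


def enrich(alert, index):
    """Return (field, indicator) pairs for every alert field that hits the index."""
    hits = []
    for field, ioc_type in FIELD_TO_TYPE.items():
        value = alert.get(field)
        ind = index.get((ioc_type, str(value).lower())) if value is not None else None
        if ind:
            hits.append((field, ind))
    return hits


def triage(alert, index):
    """Decide what happens to the alert and attach the intelligence context."""
    hits = enrich(alert, index)
    if not hits:
        decision = "routine"
    elif any(ind.confidence >= ESCALATE_CONFIDENCE for _, ind in hits):
        decision = "investigate_now"
    else:
        decision = "enrich_and_queue"
    context = [f"{field}={ind.value} ({ind.confidence}%, {', '.join(ind.tags)})"
               for field, ind in hits]
    return {"id": alert["id"], "decision": decision, "context": context}


def run(alerts=ALERTS, feed=IOC_FEED):
    """Triage every alert; returns {alert id: decision}."""
    index, _ = load_indicators(feed)
    return {r["id"]: r["decision"] for r in (triage(a, index) for a in alerts)}


if __name__ == "__main__":
    index, rejected = load_indicators(IOC_FEED)
    print("rejected indicators:", rejected)
    for alert in ALERTS:
        print(triage(alert, index))
```

Of the six feed entries only three survive loading: the public resolver is dropped as stale, the internal address is dropped because it could only ever match internal traffic, and the low-confidence domain never reaches the index. As a result A3 and A5 stay in the routine flow instead of becoming false positives, A1 and A4 are escalated immediately with the indicator's tags attached, and A2 (a 75% phishing domain) goes to the queue with its context already filled in.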