Rise of cybercrime takes toll on burnt-out security teams

More than half of respondents in new digital forensics survey said they felt burned out in their jobs, with alert and investigation fatigue playing a role

Overwhelming workloads and reliance on repetitive tasks that should be automated have contributed to a digital forensics industry in which more than half of executives feel burned out, a new survey claims.

The 2023 State of Enterprise DFIR survey, published by digital investigation company Magnet Forensics, reveals that the rapid evolution of cybercrime is weighing on security teams substantially more than last year, leading to widespread burnout and potential regulatory risk.

“Digital forensics and incident response teams have proven to be indispensable to combat cybercriminals, but the complexity and volume of attacks and the dearth of talent available to address them is leading to unprecedented burnout,” says Adam Belsher, chief executive officer of Magnet Forensics. 

The annual Magnet Forensics survey polled 492 digital forensics and incident response (DFIR) decision-makers and practitioners predominately located in North America, Europe, the Middle East and Africa. Respondents described the current cybercrime landscape as evolving beyond ransomware and taking a toll on their investigation ability.

More than 40% of respondents described the evolution of cyberattack techniques as a “large” or “extreme” problem impacting their investigations. This represents a 50% increase from the 2022 State of Enterprise DFIR report.

Business email compromise is rising and is now occurring more frequently than ransomware, the most common security threat in last year’s report. The highest number of respondents — 14% — said they encounter it “very frequently.” These attacks are the most likely to require third-party resources to assist with the investigation, according to 50% of respondents.

Responses can take more than a month

It’s taking security teams too long to get to the root cause of these evolving attacks, the survey reveals, with more than 43% saying it takes them between one week and more than a month. 

About a third of respondents said that identifying the root cause requires either a “complete overhaul” or “major improvements.”

With cybercriminals intensifying their efforts, DFIR teams now investigate waves of incidents growing in volume and complexity. According to 45% of respondents, the surge in investigations and the data associated with them is either a “large” or “extreme” problem for their organisations. 

Unable to handle this data alone, nearly two-thirds look to third parties for help. According to the respondents, a global talent shortage that leaves more than 755,000 unfilled cyber jobs in the US alone isn’t helping matters. 

Nearly a third say recruiting and hiring new DFIR professionals is challenging. These factors contribute to their burnout and lead them to seek alternate solutions like automation.

  • More than half (54%) of the respondents said they felt burned out in their jobs.
  • Alert and investigation fatigue likely plays a role in burnout, as 64% of respondents said it is a “real issue.”
  • Today’s investigative workflows are being slowed down by a reliance on repetitive tasks and tools that aren’t interoperable. The same percentage of respondents — 37% — described both as either a “large” or “extreme” problem.
  • Their workload may be exposing their organisations to regulatory risk. Nearly half (46%) said they don’t have the time to understand new cybersecurity regulations.
  • The respondents see automation as the solution. More than 50% said automation would be “extremely valuable” or “highly valuable” for several DFIR tasks, including the remote acquisition of target endpoints and the processing of digital evidence.