Rise of cybercrime takes toll on burnt-out security teams
Overwhelming workloads and reliance on repetitive tasks that should be automated have contributed to a digital forensics industry in which more than half of executives feel burned out, a new survey claims.
The 2023 State of Enterprise DFIR survey, published by digital investigation company Magnet Forensics, reveals that the rapid evolution of cybercrime is weighing on security teams substantially more than last year, leading to widespread burnout and potential regulatory risk.
“Digital forensics and incident response teams have proven to be indispensable to combat cybercriminals, but the complexity and volume of attacks and the dearth of talent available to address them is leading to unprecedented burnout,” says Adam Belsher, chief executive officer of Magnet Forensics.
The annual Magnet Forensics survey polled 492 digital forensics and incident response (DFIR) decision-makers and practitioners predominantly located in North America, Europe, the Middle East and Africa. Respondents described the current cybercrime landscape as evolving beyond ransomware and taking a toll on their ability to investigate.
More than 40% of respondents described the evolution of cyberattack techniques as a “large” or “extreme” problem impacting their investigations. This represents a 50% increase from the 2022 State of Enterprise DFIR report.
Business email compromise is rising and is now occurring more frequently than ransomware, the most common security threat in last year’s report. The highest number of respondents — 14% — said they encounter it “very frequently.” These attacks are the most likely to require third-party resources to assist with the investigation, according to 50% of respondents.
Responses can take more than a month
It’s taking security teams too long to get to the root cause of these evolving attacks, the survey reveals, with more than 43% saying it takes them between one week and more than a month.
About a third of respondents said that identifying the root cause requires either a “complete overhaul” or “major improvements.”
With cybercriminals intensifying their efforts, DFIR teams now investigate waves of incidents growing in volume and complexity. According to 45% of respondents, the surge in investigations and the data associated with them is either a “large” or “extreme” problem for their organisations.
Unable to handle this data alone, nearly two-thirds look to third parties for help. According to the respondents, a global talent shortage that leaves more than 755,000 unfilled cyber jobs in the US alone isn’t helping matters.
Nearly a third say recruiting and hiring new DFIR professionals is challenging. These factors contribute to their burnout and lead them to seek alternate solutions like automation.
- More than half (54%) of the respondents said they felt burned out in their jobs.
- Alert and investigation fatigue likely plays a role in burnout, as 64% of respondents said it is a “real issue.”
- Today’s investigative workflows are being slowed down by a reliance on repetitive tasks and tools that aren’t interoperable. The same percentage of respondents — 37% — described both as either a “large” or “extreme” problem.
- Their workload may be contributing to their organisations’ exposure to regulatory risk. Nearly half (46%) said they don’t have the time to understand new cybersecurity regulations.
- The respondents see automation as the solution. More than 50% said automation would be “extremely valuable” or “highly valuable” for several DFIR tasks, including the remote acquisition of target endpoints and the processing of digital evidence.