Employee retention through automation

The COVID-19 coronavirus pandemic brought working remotely to a level never before seen in the modern world. While there have been many advantages that have come with remote and hybrid work opportunities, the number of cyber-security threats have also spiked during this time, and it is generating substantial fatigue and burnout in SOC experts.

“With the move to hybrid work, we’re seeing many more devices, many more threat vectors, and we really have seen just an explosion in alerts and alert fatigue,” says Kevin Magee, chief security officer at Microsoft Canada.

“It’s taking its toll on the workforce, which already has potentially millions of jobs opening. We can’t train and onboard, and we can’t get folks up to speed quick enough
to keep ahead of these. So, businesses and organizations turning more to automation to combat this is really the only way we can start to really bridge this gap.”

One way many companies are combatting increased cybersecurity threats and managing the massive waves of alerts is through XDR (extended detection and response) solutions, which equip SOC professionals with intelligent, automated responses.

“The average security organization can have 60 or 65 tools, all of which are really point solutions, and everyone’s watching their own point solutions,” he says. “But attacks don’t work in just one vector or one solution, they cross them. So, these silos are great blind spots attackers can take advantage of and move laterally through their attacks, which can then slow down the overall response. XDR is really meant to resolve that issue. To make all of these point solutions talk to each other and create context, so the defender can respond either automatically or much quicker.”

By relying on automated solutions like XDR to manage simpler tasks, companies can also make cybersecurity roles more attractive to their current and future employees.

“I do worry if we don’t get ahead of some of these problems by using smart technologies that we’ll start to turn people away, and they won’t want to go into cyber- security. They’re going to want fulfilling careers. They’re going to want to work on things that really matter, rather than going through logs and alerts. So, this is not only really important from threat posture, or sort of ‘a keeping up with the bad guys’ approach, but also to talent retainment and talent attraction,” Magee says. “I believe the most talented people you want to hire will start to gravitate towards organizations that deploy these tools, that are interested in making these tools available for the individual to work with when they do join the organization, and it will be a retention strategy as well. People are going to want to work in well-equipped SOCs where they can make a difference.”

XDR solutions aren’t just for large companies with teams of cybersecurity experts. Microsoft Canada provides solutions for small businesses as well.

“Asking your dentist to stand up a SOC and run a SIEM and man- age cybersecurity for a small office of 20 or 30 people is just not possible,” Magee says. “Technologies like XDR that can be deployed for small businesses are a great opportunity for them to prevent a large portion of the attacks that are coming their way from the onset, and then, perhaps, they outsource or they hire a one of our partners to work with them on some of the more complex challenges or any breaches that would occur. Even a small incremental increase in your ability to fight ransomware, to fight some of these phishing and business email compromises can be the difference between whether businesses stay open or not.”

To learn more about how the advantages of SIEM and XDR, visit: https://www.microsoft.com/en-ca/security/business/threat-protection.