The time it takes for cybersecurity teams to detect system compromises, known as dwell time, has grown, but the majority are overconfident about their abilities, according to a report published today.
The 2020 State of the SOC Report, published today by security information and event management (SIEM) provider Exabeam, surveyed cybersecurity professionals working in security operations centres (SOCs) across Germany, Australia, Canada, the US and the UK.
It found that cybersecurity professionals generally give a positive assessment of their ability to detect threats, with 82% saying they were confident in their detection capabilities.
However, research from CrowdStrike has shown that dwell time grew by an average of 10 days between 2018 and 2019 – additional time during which cybercriminals could inflict considerable harm.
“From 2018-2019, we learned that dwell time – or, the time between when a compromise first occurs and when it is first detected – has grown,” said Steve Moore, chief security strategist at Exabeam.
“Based on this, it is surprising for SOCs to report such inflated confidence in detecting cyberthreats.”
Why the perceptions of cybersecurity teams matter
While this may not seem like a huge concern for businesses, it matters because many businesses will use the self-assessment of cybersecurity teams to inform decisions about cybersecurity funding and related operational choices.
And while many working in the field may feel that their employers often don’t listen to them, there are signs that this is not the case.
“We see great progress in the SOC with attention paid to employee well-being, measures for better communication and more,” said Moore.
“However, disparate perceptions of the SOCs’ effectiveness could be dangerously interpreted by the C-suite as assurances that the company is well-protected and secure, when it’s not.”
The report also found differences in priorities between frontline analysts and SOC leaders. While the former currently see distributed denial of service (DDoS) attacks and ransomware as the biggest concern, those leading SOCs consider phishing attacks and supply chain vulnerabilities to be a greater priority.