Unit 2
Collaborative discussion response
Focus on the possible measures that could have been put in place in order to prevent the incidents highlighted by your peers.
Hi [peer name],
The case of the Target supermarket chain is a great example of how a single weak link (in this case the HVAC supplier) can compromise an organization’s cybersecurity. While reviewing the case, I noticed another important factor in the breach: although Target had monitoring software in place, its alerts were ignored by employees (United States Senate Committee on Commerce, Science, and Transportation, 2014).
This is, however, unsurprising given the challenges security operations centre (SOC) teams face. Reports by Vectra AI, Inc. (2023) and Morning Consult & IBM (2023) show that analysts deal with overwhelming numbers of alerts daily, over 60% of which are ignored. In Vectra’s research, most analysts admit it is possible their organization is already compromised. Two-thirds consider leaving their jobs, citing poor leadership and burnout.
Clearly, having an in-house SOC is not enough if management and operational issues remain unresolved. Outsourcing may not help either if the SOC provider struggles with the same problems.
A key issue here is the repetitive nature of the work combined with the high information load. Sundaramurthy et al. (2015) suggest automating mundane tasks and triaging alerts to allow analysts to focus on more challenging and rewarding activities. Recent advances in artificial intelligence and machine learning could also help eliminate false positives and prioritise alerts, thus reducing alert fatigue (Tariq et al., 2025).
To summarise, I believe that it is not enough to implement an SOC. It is an industry-wide problem that security teams are overworked and poorly managed. Therefore the solution should be to implement a holistic approach that goes beyond vetting contractors or purchasing state-of-the-art software, and also ensures the SOC team’s wellbeing, effective management, and processes that foster employee engagement and professional growth.
What do you think about this anthropological aspect of cybersecurity? Do you think it also applies to third-party SOC providers? What approaches would you propose to improve the wellbeing of security analysts?
References
Morning Consult and IBM (2023) Global Security Operations Center Study Results. Available at: https://www.ibm.com/downloads/documents/us-en/10c31775a05401a5 (Accessed: 12 August 2025).
Sundaramurthy, S.C. et al. (2015) ‘A Human Capital Model for Mitigating Security Analyst Burnout’, in Proceedings of the Symposium on Usable Privacy and Security (SOUPS 2015), pp. 347–359. Available at: https://www.usenix.org/conference/soups2015/proceedings/presentation/sundaramurthy (Accessed: 12 August 2025).
Tariq, S. et al. (2025) ‘Alert Fatigue in Security Operations Centres: Research Challenges and Opportunities’, ACM Computing Surveys, 57(9), pp. 224:1–224:38. Available at: https://doi.org/10.1145/3723158.
United States Senate Committee on Commerce, Science, and Transportation (2014) ‘A “Kill Chain” Analysis of the 2013 Target Data Breach’. Available at: https://www.commerce.senate.gov/services/files/24d3c229-4f2f-405d-b8db-a3a67f183883 (Accessed: 4 August 2025).
Vectra AI, Inc. (2023) 2023 State of Threat Detection. Available at: https://www.vectra.ai/resources/2023-state-of-threat-detection (Accessed: 12 August 2025).
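As an added illustration of the automated triage suggested in the post above (this is example code, not from the post or from the cited papers), the following Python sketch collapses repeated alerts, suppresses a known-benign source and ranks what remains by severity and asset criticality. The alerts, the asset inventory and the allow-list are all constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample alerts (illustrative, not real telemetry): a noisy rule firing
# repeatedly on a lab host, an authorised scanner, and one alert on a payment system.
ALERTS = [
    {"ts": "2025-08-12T09:00:00", "rule": "port_scan", "host": "lab-01", "severity": 2},
    {"ts": "2025-08-12T09:00:20", "rule": "port_scan", "host": "lab-01", "severity": 2},
    {"ts": "2025-08-12T09:01:10", "rule": "port_scan", "host": "lab-01", "severity": 2},
    {"ts": "2025-08-12T09:02:00", "rule": "port_scan", "host": "vuln-scanner", "severity": 2},
    {"ts": "2025-08-12T09:03:00", "rule": "new_admin_account", "host": "pos-07", "severity": 4},
    {"ts": "2025-08-12T09:30:00", "rule": "port_scan", "host": "lab-01", "severity": 2},
]

# Hypothetical asset inventory and allow-list that an organisation would maintain itself.
ASSET_CRITICALITY = {"pos-07": 5, "lab-01": 1}
KNOWN_BENIGN = {("port_scan", "vuln-scanner")}


def triage(alerts, window=timedelta(minutes=5)):
    """Collapse repeats of the same (rule, host) within `window` into one item
    with a count, drop known-benign pairs, and rank the remainder by
    severity x asset criticality. Returns the queue an analyst would see."""
    groups = {}  # (rule, host, group_start) -> aggregated alert
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a["rule"], a["host"])
        if key in KNOWN_BENIGN:
            continue  # expected activity: suppressed from the queue, still worth logging
        ts = datetime.fromisoformat(a["ts"])
        # Reuse an open group for this (rule, host) if it started within the window.
        for (rule, host, start), g in groups.items():
            if (rule, host) == key and ts - start <= window:
                g["count"] += 1
                g["last_seen"] = a["ts"]
                break
        else:
            crit = ASSET_CRITICALITY.get(a["host"], 3)  # unknown assets get a middle score
            groups[(a["rule"], a["host"], ts)] = {
                "rule": a["rule"], "host": a["host"], "first_seen": a["ts"],
                "last_seen": a["ts"], "count": 1, "score": a["severity"] * crit,
            }
    return sorted(groups.values(), key=lambda g: g["score"], reverse=True)


def reduction(alerts, queue):
    """Fraction of raw alerts the analyst no longer has to look at individually."""
    return 1 - len(queue) / len(alerts)
```

On the sample data the six raw alerts become a queue of three, with the payment-system alert at the top; the same scoring step is where a trained model could replace the static criticality table.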