TNO, an independent research firm based in the Netherlands, is collaborating with the National Cyber Security Centre (NCSC) to research upcoming topics and advancements that are pertinent to the NCSC and its stakeholders.
One of the key areas being studied is the evolution of security operations centres (SOCs) in the near future and the trends that will impact them. Through interviews with CISOs, SOC managers, and other stakeholders, TNO researchers Reinder Wolthuis and Richard Kerkdijk have gathered insights on how SOCs are likely to change by 2030.
It is anticipated that there will be fewer SOCs in operation by 2030 due to the complexity and costs involved. Many organizations are expected to outsource their SOC operations to managed security service providers, with in-house SOCs being reserved for organizations with specific risk profiles.
Automation is set to play a significant role in the future of cybersecurity operations, with incident response workflows being orchestrated using machine-readable security playbooks. Sectoral SOCs are also expected to become more prevalent, with sector-specific knowledge being combined with cybersecurity expertise.
As the threat landscape evolves, SOCs will need to adapt to focus on advanced attacks, particularly those initiated by state-sponsored entities and large criminal organizations. Far-reaching automation is predicted to alleviate pressure on the labor market and enable cybersecurity experts to concentrate on more challenging tasks.
The report compiled by TNO researchers outlines a blueprint for the future SOC, emphasizing the need for organizations to embrace change and adopt automation to effectively manage security incidents. Failure to adapt to these changes may leave organizations vulnerable to cyber attacks in the future.