Cyber Threats, Unintegrated Tools and Alert Fatigue

Make sure the cure isn’t worse than the disease…

In a well-publicized data breach several years ago, the targeted company saw more than 40 million customers affected, and its financial losses wound up well north of $200 million. The hack also took down multiple senior leaders.

Interestingly, the company’s security products actually detected the intrusion, but no action was taken. Because of the high volume of alerts from multiple security tools and the frequency of false alarms, the IT team simply ignored it.

The condition – known as “alert fatigue” – is a sort of “boy who cried wolf” phenomenon. And it’s surprisingly common.

Several factors contribute to the problem. For one thing, there’s simply so much data – most organizations face a major challenge knowing what they have, where it is, who should have access to it and how it should be used. In this environment, attention is necessarily stretched thin.

Second, most organizations struggle to adequately staff their cybersecurity operations because of a significant talent shortage (one that is only getting worse).

Third, the number (and seriousness) of cyber attacks, already huge, is steadily increasing.

Finally, the proliferation of unintegrated cyberdefense tools can actually make the problem worse by eroding the effectiveness of the security team: cybersecurity professionals get so used to alarms that they begin tuning them out. According to the Cloud Security Alliance:

…half of enterprises have six or more tools that generate security alerts. Among IT security professionals, 40.4% say that the alerts they receive lack actionable intelligence to investigate and another 31.9% report that they ignore alerts because so many are false positives. With the enormous volume of events generated by cloud usage – an average of 2 billion transactions each month at the average enterprise – it’s important that a cloud threat protection solution not add to this noise. [emphasis added]

The Ponemon Institute estimates “enterprises spend $1.3 million a year dealing with false positive cyber security alerts, which equals nearly 21,000 hours in wasted time.” And all that wasted time dulls an organization’s vigilance.

The takeaway for CISOs and other cybersecurity professionals is straightforward: your cybersecurity solutions need to enhance signal, not contribute to the noise. A profusion of unintegrated tools generating false positives is an award-winning recipe for disaster, especially in a context where 1.7MB of data is being created every second for every person on earth.

Enterprises are certainly capable of addressing these challenges head on, and that process starts with adopting a strategic, risk-centric approach to supporting business requirements and outcomes.

Our new infographic book, A Visual Landscape of Cybersecurity, is 100 pages of eye-opening stats and insights for CISOs to board members to SOC analysts and everyone else in the information security field. We’d love to send you a copy.