Security Alert Overload: Unsustainable and Unnecessary
Over a quarter (27%) of UK organisations have more than 31 security point products in place. The number of point products available seems endless, from firewalls and vulnerability management to anti-virus and endpoint security. These applications will send alerts about anomalies, threats, and breaches so that cybersecurity teams are able to apply safeguards and prevent an attack from causing any damage.
Now, imagine how many alerts there are when 31 different products send multiple warnings a day. The result is an overwhelming volume of information on potential threats. On an average day, organisations deal with 716 cyber security alerts, with each security professional having to investigate 23 security alerts an hour. And hackers do not respect ‘business hours’. Cybercriminals are increasingly targeting organisations out of hours, during the night or over the weekend. Over a third (38%) of security professionals have received a call to investigate an incident in the middle of the night. This 24/7 threat requires businesses to have their guard up at all times.
The human cost of alert anxiety
For SMEs with limited resources, this alert overload problem adds both financial and human costs. 69% of mid-market organisations have three or fewer team members focused on cyber-security, and don’t have the budget to hire more. This level of alert overload leaves 42% of security staff fearing that they will miss a critical cyber security alert that allows a threat to enter the business.
Short-term solutions won’t do
Cybersecurity teams have to find ways to deal with this alert overload. Security professionals have had to introduce criteria to decide which warnings are prioritised or randomly select alerts and ignore the rest. This causes serious security vulnerabilities. Almost one in ten respondents say that 60% of daily threats are not investigated, while 9% reported that 70% of threats are not dealt with properly. If these alerts are not suitably investigated, a dangerous attack could easily slip through an organisation’s defences.
Another option is for organisations to invest a substantial sum of money in their cybersecurity response. However, paying for multiple point products adds up, as does hiring extra incident-response personnel or running a Security Operations Centre (SOC) day and night. While large enterprises with significant budgets and well-staffed security teams can afford to run expensive security systems, a lack of similar resources makes mid-sized businesses more vulnerable to a cyberattack. One in five (19%) have admitted that their employer’s greatest challenge is finding sufficient resources for the cybersecurity team. With so few personnel and resources, combined with an unmanageable quantity of alerts, cybersecurity staff are increasingly burning out.
The overload of alerts creates a highly stressful environment that leads to burnout and risks staff leaving the organisation. Cybersecurity teams in mid-market organisations are often understaffed – 69% of businesses have three or fewer people looking after cybersecurity and 45% have two or fewer. Smaller teams mean more alerts for each person to investigate, placing more pressure on each individual. Almost half (47%) of security professionals feel overwhelmed by the sheer volume of alerts, while 31% are unable to cope due to prolonged periods of work-related stress. It’s no wonder that the security industry has one of the highest employee turnover rates and faces a concerning staff retention challenge.
AI, autonomy, integration
So how do we remove the fear of missing critical alerts, and the stress of managing hundreds of them every day? The answer is an integrated, autonomous platform that uses AI to reduce unnecessary alerts to security staff. Automated security products that mechanically perform simple jobs fail to identify and detect unknown threats. For an effective, proactive security posture, products must be able to respond to the unknown. This is where autonomous security excels, responding to unknown threats without the need for human intervention, even at 2am. It allows security staff to focus on advanced work instead of sifting through hundreds of false-positive alerts, while round-the-clock protection means businesses are protected even when staff are getting some much-needed sleep.
By having a platform that tightly integrates intelligent protection across the major attack surfaces, businesses are also protected against multi-channel attacks: those that start in one channel (for example, an email phishing attack) but spread to web or cloud applications. Gartner estimates that by 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access from a single vendor’s security platform. Not only is this more cost-effective than paying for multiple security products and staff, but it enables organisations to ensure hackers don’t slip through the cracks in their defences and supports the wellbeing of security teams.