The downside of detecting cyber security events
Cyber security threats are growing in sophistication and frequency, with no signs of slowing down. As we have seen in recent years, attackers don’t just target businesses. They also target local governments, police departments and public health services, among others.
Public sector organisations are facing a more severe threat level than private sector companies, with eight in ten reporting that they felt unable to defend against ransomware compared to six in ten private sector organisations.
By exploiting computer networks with automated botnets, hackers are seeking vulnerable and unprotected “soft targets” to infiltrate quickly and easily. With high-value data as the prize, hackers know public sector organisations have a lot to lose.
Defending against this is no easy task: councils alone face an average of 10,000 cyber-attacks every day, and over £10 million has been paid out over the past five years.
Part of the strategy to fight this barrage is to focus on threat detection. The government wants the public sector to build its capability to detect cyber security events across every part of its estate to ensure that risks can be mitigated before they critically impact functions and services.
The dangers of over-detecting
However, detection alone can have unforeseen consequences. Although it may initially seem beneficial to provide continuous warning notifications, this approach can lead to “alert fatigue”. Employees feel barraged with so many alerts and updates that they become desensitised or lose sight of what is truly important.
This can lead them astray when confronted with malicious emails and cause them to make riskier decisions. Relying solely on detection is therefore not enough; a more holistic security solution should be considered for maximum effectiveness.
Not only are employees overwhelmed by the number of alerts or frustrated by emails stuck in the spam filter, but the security team starts to suffer from a different type of alert fatigue.
Faced with thousands of daily attacks, security teams have turned to multiple point products, which has created an almost uncontrollable number of alerts. The majority of public sector organisations feel unable to respond to at least 40% of the alerts coming through.
For the public sector that is feeling the squeeze – or drowning in alerts – the key to regaining control lies in more intelligent automation and integration. As machine learning and AI capabilities have evolved in recent years, new solutions are emerging with the ability to autonomously sift and prioritise alerts, even when they don’t follow preloaded playbooks.
The power of artificial intelligence
Artificial intelligence is like having another colleague on the security team, one that works tirelessly. This provides extra peace of mind: alerts will be recognised and acted upon automatically. With AI as part of the security process, human attention is only called for when there are genuine issues that require addressing, instead of being overwhelmed with alert spam at all hours.
To truly step up public sector cyber security, integration is also necessary. Each channel’s defences must be interconnected. When one channel identifies an attack, threat intelligence can then be quickly shared across the other systems to help keep similar threats out. This autonomous cloud security solution ensures increased efficiency and a significant reduction in alerts.
Alert fatigue has been the price of complex, unfit security systems for too long, and it will only get worse with a sole focus on detection. There is a better way: autonomous, integrated cloud security.
Find out how Censornet can help: book a demo now.