For many firms, as cyberattacks are increasing in number and sophistication, there are still countless hours wasted in the war to secure data by chasing after false positives. CRITICALSTART’s report “The Impact of Security Alert Overload“, details the challenges false positives are creating for the cybersecurity industry.
By surveying Security Operations Center professionals across enterprises, Managed Security Service Providers, and Managed Detection Response providers,the survey found that 70 percent of cybersecurity professionals investigate more than 10 security alerts daily, a marked increase from 2018 when just 45 percent reported investigating double-digit alerts each day.
Within this, the false-positive rate is 50 percent or higher, meaning valuable time that could be used to strengthen an organization’s security posture is being spent chasing cyber ghosts.
CRITICALSTART founder and CEO Rob Davis tells Digital Journal more about this issue and what businesses can do to address the challenge.
Digital Journal: What are the main cybersecurity risks facing businesses?
Rob Davis: In an increasingly connected and digital world, businesses of all sizes from a diverse set of verticals and industries are facing more and more attacks each day. These attacks aren’t just increasing in frequency, but also in sophistication. Rather than focusing on any single risk, it is imperative that businesses strengthen their security footprint to guard against the wealth of tools malicious online actors have at their disposal.
DJ: Where are these threats coming from?
Davis: The sources of these threats are widespread. In addition to individuals seeking financial gain, we have seen an uptick in state-sponsored online attacks that are meant to disrupt government, economies, and even elections.
DJ: How much time and resources are business putting into combating cyber-risks?
Davis:Unfortunately, not enough. This isn’t necessarily because the business isn’t trying. It is largely a function of being inundated with attacks, or supposed attacks. We have found that the number of ‘false positives’ is increasing exponentially, and those phony alerts are eating up an enormous amount of time and manpower, leaving targets even more exposed to genuine threats. For this reason, it is imperative that businesses, organizations, and institutions invest in solutions that help them properly ID and manage the threats they face.
DJ: How much time is each risk taking for the typical businesses to assess?
Davis:We actually conducted a survey that provided some great data on this subject. 78% of our survey respondents reported it takes more than 10 minutes to investigate each alert, and 70% are investigating more than 10 of these alerts daily. When you consider these numbers, it becomes even more imperative that businesses invest in cybersecurity solutions that mitigate these workloads.
DJ: What are the weaknesses with the standard approaches being taken?
Davis:Because there are so many false positives and because each alert–real or not–takes so long to investigate, many alerts are being ignored or forgotten altogether. When these alerts are false positives, it is a no harm, no foul situation. However, it only takes one real threat to bring down an entire network or business operation, so the fact that even one alert is being ignored is troubling to say the least. By relying on outdated approaches that require detailed human interaction with each and every alarm that is raised, businesses are inviting chaos.
DJ: What are the ideal solutions for businesses to adopt?
Davis:Before making any decisions on adoption, it is important for all organizations to understand the tools they already have in place and that they are being implemented correctly. From there, decision makers have to stay involved every step of the way to ensure the solutions they are adopting provide 24/7, 365 coverage, and that they are mobile and transparent. Cybersecurity solutions are rarely one-size-fits-all, but around the clock coverage and transparency are must-haves no matter what.
