Skip to main content

Cyber Threats, Unintegrated Tools and Alert Fatigue

November 06, 2019

Make sure the cure isn’t worse than the disease…

Unintegrated Tools and Alert Fatigue Blog Image

In a well-publicized data breach several years ago the targeted company saw more than 40 million customers affected and its financial losses wound up well north of $200 million. The hack also took down multiple senior leaders.

Interestingly, the company’s security products actually detected the intrusion, but no action was taken. Due to the high volume of alerts from multiple security tools and the frequency of false alarms the IT team simply ignored it.

The condition – known as “alert fatigue” – is a sort of “boy who cried wolf” phenomenon. And it’s surprisingly common.

Several factors contribute to the problem. For one thing, there’s simply so much data – most organizations face a major challenge knowing what they have, where it is, who should have access and how it should be used. In this environment, attention is necessarily stretched thin.

Second, most organizations struggle to adequately staff their cybersecurity operations thanks to a significant talent shortage (that’s only getting worse).

Third, the number (and seriousness) of cyber attacks, already huge, is steadily increasing.

Finally, the proliferation of unintegrated cyberdefense tools can actually make the problem worse by eroding the effectiveness of the security team. Cybersecurity professionals get so used to alarms they begin tuning them out. According to the Cloud Security Alliance:

…half of enterprises have six or more tools that generate security alerts. Among IT security professionals, 40.4% say that the alerts they receive lack actionable intelligence to investigate and another 31.9% report that they ignore alerts because so many are false positives. With the enormous volume of events generated by cloud usage – an average of 2 billion transactions each month at the average enterprise – it’s important that a cloud threat protection solution not add to this noise. [emphasis added]

The Ponemon Institute estimates “enterprises spend $1.3 million a year dealing with false positive cyber security alerts, which equals nearly 21,000 hours in wasted time.” And all that wasted time dulls an organization’s vigilance.

The takeaway for CISOs and other cybersecurity professionals is straightforward: your cybersecurity solutions need to enhance signal, not contribute to the noise. A profusion of unintegrated tools generating false positives is an award-winning recipe for disaster, especially in a context where 1.7MB of data is being created every second for every person on earth.

Enterprises are certainly capable of addressing these challenges head on, and that process starts with adopting a strategic, risk-centric approach to supporting business requirements and outcomes.

Our new infographic book, A Visual Landscape of Cybersecurity, is 100 pages of eye-opening stats and insights for CISOs to board members to SOC analysts and everyone else in the information security field. We’d love to send you a copy.

Related Blogs

May 01, 2019

Organizations Shift from Identity and Access Management to Identity and Data Management

With the exponential growth in unstructured data each year, coupled with cloud adoption and IoT devices, it is critical that organizations begin to pi...

See Details

June 19, 2019

Managing Identity in the Digital World

Understanding who has access to systems and data has never been more important. The demand for mobility and accessibility which has driven the move to...

See Details

July 06, 2017

Indicators of Compromise (IOCs) are Not Intelligence

When discussing the topic of cyber threat intelligence, I frequently hear questions about Indicators of Compromise (IOCs). IOCs are not intelligence b...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.