In theory, technology is supposed to improve processes. But where cybersecurity is concerned, the amount of time, expertise, and effort it takes to effectively manage the vast array of security products is stretching many an IT staff too thin. Not only that, but the tools and technology in place are often inadequate or out-of-date, noisy (as is the case with SIEM alerts), or extraneous.
The pressure for IT departments to keep up
The Identity Theft Research Center confirmed there were more data breaches in 2016 than in any year prior. In response to the ever-increasing risk of cyberattack, IT teams are feeling pressure from above to quickly safeguard information systems with the latest cybersecurity tools. According to a recent survey, three out of four IT managers feel cornered into purchasing security products despite lacking the resources to properly implement, manage, and maintain them.
An influx of alerts and false positives
The thousands of alerts that come with adding more security tools aren’t just annoying – they can be severely detrimental to the IT team and the business itself, especially as continuous growth and expansion results in a greater number and intensity of malware alerts. If not properly managed, the sheer volume of alerts can promote a noisy environment and cause alert fatigue.
Out of the massive amounts of alerts that organizations receive from their security products, around 40% end up being false positives. Investigating these false positives can distract from legitimate malware alerts, which may be left unattended to or overlooked and thus placing the business in a vulnerable position to be attacked. Furthermore, the time and manpower consumed by these alerts could otherwise be applied towards making improvements in the organization’s overall security posture.
Just take the Target data breach. The alerts about actual suspicious activity that should have been addressed immediately were instead buried under a mountain of false positives, allowing the intrusion to explode into a massive data breach that cost them over $100 million in settlements alone. This example demonstrates how alert fatigue and false positives are not only annoying, but can also be disastrous. Thus, overloading on technological investments is simply not the best security strategy to pursue.
Finding the way forward
“Start focusing more holistically on improving overall security posture.”
How can mid-sized companies protect themselves from cyberthreats?
Our main recommendation is this: Stop purchasing new cybersecurity tools that your IT staff have neither time nor expertise to manage, and start focusing more holistically on improving your overall security posture. Map out your network topology, minimize attack surfaces wherever possible, and then assess your IT environment for risks. Once you understand those risks, you can begin to identify the types of tools you need to mitigate them. By doing all of this, you will effectively create the foundation upon which a threat detection and response strategy can be built.
There are a lot of steps that require cautious and focused deliberation, but it’s not impossible to protect your organization, and you don’t have to do it alone. To learn more, click on the banner below.