Enterprises spend $1.3 million a year dealing with false positive cyber security alerts, which equals nearly 21,000 hours in wasted time.
The Ponemon Institute surveyed more than 600 US IT and IT security practitioners with the aim of understanding the true cost of dealing with today’s volume of malware threats.
In a typical week, organizations receive an average of nearly 17,000 malware alerts; only 19% are deemed reliable – or worthy of action. Security teams are unnecessarily consumed by activity that pose no threat to their data security, which can distract them from dealing with threats that can lead to compromise. Compounding the problem, respondents believe their prevention tools miss 40% of malware infections in a typical week. The longer malware goes undetected, the greater the risk of a breach.
Key findings:
- Severity of Malware Infections has increased: 60% of respondents report that the severity of malware infections has significantly increased (16 %) or increased (44%) in the past year.
- 'Ad hoc' response to malware containment: Despite this growth, when asked about their approach to malware containment, 33% of organizations revealed that they have an unstructured or “ad hoc” approach to the process. In terms of responsibility, 40% of respondents say there is no one person or function accountable for the containment of malware.
- Lack of automated response: Only 41% of respondents say their organization has automated tools that capture intelligence and evaluate the true threat caused by malware.
Brian Foster, CTO of Damballa, noted, "These findings confirm not only the sheer scale of the challenge for IT security teams in sifting out the real threats from tens of thousands of false alarms, but also the huge financial impact in terms of time. The severity and frequency of attacks is growing, which means that teams need a way to focus on responding to true positive infections if they are to get a firmer grip on their security posture.”
Foster continued, "It's more important than ever for teams to be armed with the right intelligence to detect active infections to reduce their organization's risk exposure and make the best use of their highly-skilled, limited security resources."
