Enterprises spend $1.3 million a year dealing with false positive cyber security alerts, which equals nearly 21,000 hours in wasted time.
The Ponemon Institute surveyed more than 600 US IT and IT security practitioners with the aim of understanding the true cost of dealing with today’s volume of malware threats.
In a typical week, organizations receive an average of nearly 17,000 malware alerts; only 19% are deemed reliable – or worthy of action. Security teams are unnecessarily consumed by activity that pose no threat to their data security, which can distract them from dealing with threats that can lead to compromise. Compounding the problem, respondents believe their prevention tools miss 40% of malware infections in a typical week. The longer malware goes undetected, the greater the risk of a breach.
Brian Foster, CTO of Damballa, noted, "These findings confirm not only the sheer scale of the challenge for IT security teams in sifting out the real threats from tens of thousands of false alarms, but also the huge financial impact in terms of time. The severity and frequency of attacks is growing, which means that teams need a way to focus on responding to true positive infections if they are to get a firmer grip on their security posture.”
Foster continued, "It's more important than ever for teams to be armed with the right intelligence to detect active infections to reduce their organization's risk exposure and make the best use of their highly-skilled, limited security resources."