Cybersecurity Professionals Face Alert Fatigue

Cybersecurity, Fatigue

Security operations center (SOC) analysts are inundated with a high volume of alerts and spend much of their time sorting through false positives, which creates alert fatigue.

Security operations center (SOC) analysts are today overwhelmed by alerts and spend too much time chasing and investigating what are often false alarms. This leads to burnout and costs the team morale and work readiness. According to a survey from CriticalStart, a security company, over 80% of analysts believe that their SOC experienced churn of between 10% and 50% in the past year.

The report, ‘The Impact of Security Alert Overload,’ also revealed that 70% of security professionals have to investigate more than ten alerts every day, up 25% from 2018. As threats grow more complex, more than three-quarters (78%) of security professionals said that it takes over 10 minutes to look into each alert, also up by almost 15% from last year. Of all the alerts investigated, false positives are the most common: almost half of the respondents reported that 50% or more of their alerts are false positives.

In response to the excessive workload, over 35% of respondents said that their SOC has either tried to increase staffing by hiring more analysts or turned off high-volume alerting features.

Many security professionals spend most of their time trying to manage the high volume of alerts, and many SOC analysts believe that alert fatigue affects their jobs. Only 40% of professionals now spend their time analyzing and remediating security threats; a year ago, this was the chief responsibility of 70% of professionals.

There is also little time left for training: most professionals spend less than 20 hours a year on it. Experts believe that, given the current dynamic threat environment, a lack of training can undermine the core of an organization’s security and cause considerable losses in the end.

The security risk posed by this level of alert fatigue is compounded when the overwhelmed and overworked security teams are also hampered by other factors, such as a lack of network visibility.

Experts believe that as SOCs are burdened with alerts, they begin to ignore low- and medium-priority alerts and even tune out or turn off noisy security applications. This can leave real risks and threats exposed. Combined with the near-absence of training and the stressful work environment, the reason for the high churn rate among SOC analysts is apparent, and the result is that enterprises are left more exposed to security risks and threats.

Meeta Ramnani is the Senior Editor with OnDot Media. She writes about technologies including AI, IoT, Cloud, Big Data, Blockchain across various industries with a focus on Digital Transformation. An avid bike rider, Meeta, is a postgraduate from Indian Institute of Journalism and New Media (IIJNM) Bangalore, where her specialization was Business Journalism. She carries four years of experience in mainstream print media where she worked as a correspondent with The Times Group and Sakal Media Group in Pune.