Many businesses don't even know they've been hit by a security breach
Most IT teams get too many alerts to address them all
Many businesses don’t know whether they have suffered a data breach, and probably wouldn’t be able to spot one at all, because of the ever-expanding threat landscape and notification fatigue among IT staff, new research has claimed.
A report from cybersecurity experts Vectra AI surveying more than 2,000 IT security analysts found that nearly all (97%) are worried they’ll miss important security events, while 71% admitted to possibly being compromised, but not knowing.
Two key reasons for this are the threat landscape that keeps on growing, and the endpoint tech stack that often only makes things worse. For 63% of the respondents, the attack surface grew this year. 70% said the same of the number of security tools in use, while 66% said the number of alerts rose “significantly”.
"Pointless alerts"
“This is creating a ‘spiral of more’ which threatens to overwhelm their ability to respond quickly to alerts and manage breaches and is causing analysts to consider leaving their jobs,” the company said in a press release.
On average, IT teams get almost 4,500 alerts, while only being able to address roughly two-thirds of those (67%). Two in five think it’s only a matter of time before they miss something major, and agree that the security tools they work with only increase their workload. They also believe they’re being flooded with “pointless alerts”.
That’s why most SecOps professionals are considering quitting their jobs. Many are actively looking for new roles. Two in five want to leave because they’re spending too much time going through pointless alerts, while a third feel constant stress, burnout, and “mind-numbing” boredom.
“The current approach to threat detection is broken, and the findings of this report prove that the surplus of disparate, siloed tools has created too much detection noise for SOC analysts to successfully manage and instead fosters a noisy environment that’s ideal for attackers to invade,” said Kevin Kennedy, senior vice president of products at Vectra AI. “As an industry, we cannot continue to feed the spiral, and it’s time to hold security vendors accountable for the efficacy of their signal. The more effective the threat signal, the more cyber resilient and effective the SOC becomes.”
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.