Increasing number of false positives causing risk of alert fatigue

More than two-fifths (43%) of organizations experience false positive alerts in more than 20% of cases, while 15% reported more than half of their security alerts are false positives. On average, respondents indicated 26% of alerts fielded by their organization are false positives, a Neustar repot reveals.

alert fatigue risk

In response to growing cybersecurity threats, enterprises are investing significant resources in network monitoring and threat intelligence technologies that create more alerts – and more false positives – for security teams.

Security tools contributing to data overload and alert fatigue

The survey found two-fifths (39%) of organizations have seven or more tools in place that generate security alerts, and 21% reported using more than ten.

“Security tools that simply produce large quantities of data to be analyzed, without contextualizing potential threats, are contributing to data overload, alert fatigue and burnout,” said Rodney Joffe, chairman of NISC and SVP and Fellow at Neustar.

Cybersecurity teams are increasingly drowning in data and are overwhelmed by the massive volume of alerts, many of them false positives. To ensure these high-value employees in mission critical roles are well-equipped to separate the signal from the noise, enterprises need a curated approach to security data that provides timely, actionable insights that are hyper relevant to their own organization and industry.”

Threats continuing their upward trajectory

The report indicates that threats are continuing their steady upward trajectory across vectors. The International Cyber Benchmarks Index, which reflects the overall state of the cybersecurity landscape, reached a new high of 29.8 in January 2020.

In November–December 2019, the surveyed security professionals ranked distributed denial of service attacks as their greatest concern (22%), followed by system compromise (20%) and ransomware and intellectual property theft (both 17%).

During the same period, social engineering via email was most likely to be perceived as an increasing threat to organizations (59%), followed by DDoS attacks (58%) and ransomware (56%).

Don't miss