Page 25 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
successful once in order to severely damage a business, while the organization’s security team must
ward off attacks 24x7x365 to be successful.
As a result, security analysts, who already have too many responsibilities and too few resources,
must constantly contend with alert fatigue, which leads to critical alerts being missed at an
alarmingly high rate. Alert overload not only increases your organization’s overall cybersecurity risk, but
also results in low job satisfaction and high turnover among burned-out employees.
COVID-19, Digital Transformation Drive Spike in Alerts
When experts study enterprise security, they find a few troubling trends that directly cause an increase
in alert overload. First, as enterprises continue to migrate applications and data to the cloud as part of
digital transformation initiatives, new security protections are added, often from new vendors.
The Cloud Security Alliance’s recent report, “State of Cloud Security: Concerns, Challenges, and
Incidents,” found that as remote workforces grew, so too did the reliance on additional cloud-delivered
security tools and virtual firewalls. The report found that “the use of cloud providers’ additional security
controls jumped from 58% in 2019 to 71% in 2021.”
The report’s authors believe that due to the current health crisis and the dramatic increase in remote
work, many organizations are unable to secure their networks – which are often hybrid ones with a mix
of legacy on-premises, public cloud, and private cloud infrastructure – using only traditional tools.
Therefore, organizations have had no choice but to add new security controls, each of which generates
new alerts.
More than 5000 Daily Security Alerts, and that Was Before COVID
Now, consider that before the pandemic hit, Cisco found in its “2017 Annual Cybersecurity Report” that
44% of security operations managers were already inundated with more than 5000 security alerts per
day. In other words, alert fatigue was the new normal before remote workforces exploded and digital
transformation and cloud migration initiatives accelerated.
The study also found that most companies used more than five security products in their environment,
and those products often came from more than five security vendors. A full 65% of enterprises surveyed
used six or more security products, while more than half (55%) of those surveyed reported they had to
respond to alerts from at least six different vendors.
A 2019 study by CCS Insights of 400 senior IT leaders found that in enterprises with more than 1,000
employees the thicket of tools security teams must manage is even more complicated. CCS Insights
found that the average large business had more than 70 different security products from 35 different
suppliers, and while most enterprises intend to consolidate security, the consolidation trend has yet to
get started in any significant way.