Overly complex security systems can actually increase the cost of a cyberattack. Here’s how to improve your security system.
- The business security environment is rapidly becoming more complex, causing business cybersecurity systems to also increase in complexity.
- IBM’s Cost of a Data Breach 2022 Report found increased security system complexity was the single greatest factor for raising the average cost of a data breach.
- Security system complexity can cause alert fatigue among IT and security workers, leading to workers becoming overwhelmed and potentially missing the first signs of a cyberattack.
- This article is for business owners and IT security managers who want to learn more about the downsides of security system complexity and how to best protect their business.
Businesses today face more potential cyberattacks in an increasingly challenging security environment. The rise in remote work, the shift to the cloud and the proliferation of mobile devices has radically changed network security and the manner in which businesses need to go about securing their data and work environments. This rise in complexity has led to a commensurate rise in security system complexity.
However, this complexity makes businesses less safe and leads to higher costs should a data breach occur, according to IBM’s recently released Cost of a Data Breach 2022 Report. For instance, the average cost of a data breach for a company with a high level of security system complexity was $5.49 million, while the average cost for businesses with a low level of security system complexity was $3.02 million. With this in mind, we’ve put together the following primer on how your security system could be causing “alert fatigue,” as well as steps to improve your business’s overall security.
What is alert fatigue?
In general, the more complex a business’s security system is, the more security alerts the security and IT teams will have to triage. For organizations with straightforward or well-integrated security systems in which all devices work in concert – sometimes referred to as “single pane of glass monitoring” – redundant alerts are combined or filtered out, greatly reducing the workload on staff.
On the other hand, businesses may suffer from having a multitude of security devices that may not be interoperable. In this case, each device will log its own incidents and send out its own alerts; for some devices, this could be thousands of event logs per hour. When these events are not correlated, the cascade of alerts can take a significant toll on security and IT staff, their performance, and overall business security. This set of negative outcomes is known as alert fatigue.
Alert fatigue consequences
Having a multitude of security devices with differing levels of interoperability is expensive. Worse than that, though, is that the alert fatigue from such a security system setup can lead to a series of cascading negative outcomes. From a purely financial standpoint, IBM found that security system complexity was the most expensive factor in determining the average cost of a data breach.
This increase in cost is likely due to a number of factors; however, alert fatigue is likely to be a primary driver. An October 2021 report from cybersecurity company Trend Micro surveying IT and security professionals found 51% of all security respondents were overwhelmed by the number of security alerts they received.
Additionally, 55% of respondents did not feel confident being able to prioritize alerts, with analysts also noting that the number of alerts made it difficult to sort through false negatives and potentially find stealthier and more advanced threats. This could also lead to worse outcomes in the event of a data breach, as it could give a cybercriminal more time within a business’s networks.
The sheer number of alerts inherent within complex systems can also increase employee turnover, as well as decrease the ability of workers to focus on the job at hand, reducing the IT team’s ability to mitigate the impact of a cyberattack. Trend Micro found that 70% of respondents felt emotionally affected by work and faced burnout. Large numbers of surveyed workers frequently or occasionally assumed alerts were false positives (49%), turned off alerts (43%), walked away from a computer because they felt overwhelmed (43%) and ignored alerts completely (40%).
What’s driving alert fatigue?
Alert fatigue comes as the business security environment becomes more complicated, making a business’s vulnerability to attack too complex and overwhelming to monitor accurately. Numerous factors play into this rise in complexity, the majority of which are beyond a business’s control.
For example, according to a survey of security professionals by the Enterprise Strategy Group, these are the three factors most responsible for why security teams are struggling more now than in the past:
- The rapid evolution and change in the types of threats businesses face
- The collection and processing of more data than in the past
- The growth in security alert volume
These changes were, in part, driven by the COVID-19 pandemic, as the transition to a remote or hybrid workforce has opened up new avenues of attack for cybercriminals to exploit. Cybercriminals themselves are also changing their strategies and are operating their criminal endeavors more like businesses as well. This change among criminals led to an unprecedented number of cyberattacks in 2021, according to the FBI’s Internet Crime Report 2021.
As the security environment becomes more complicated, the overall security and risk management market for end users has grown substantially. This market grew 12.2% in 2022, according to Gartner Research, and reached a total value of $172.5 billion. As the overall size of the market grows, the number of tools and services businesses have at their disposal also increases, furthering the likelihood of security complexity if businesses do not know which tools to purchase and instead take the approach of more is better.
In Trend Micro’s October 2021 report, the company found that larger organizations had, on average, 46 monitoring tools in place. Many of these tools, according to the survey, did not integrate or work well together. While smaller businesses are likely to have fewer tools, they are also likely to have significantly smaller IT and security staffs to analyze alerts and ensure tools are functioning correctly and are interoperable.
How to avoid alert fatigue
Due to the number of factors causing alert fatigue, there is no single solution businesses can employ. However, there are still several changes businesses can make to their overall security systems that can reduce complexity, increase security and potentially cut costs.
Zero-trust architecture
One solution businesses should consider, if they have the technical staff necessary, is introducing a zero-trust model for security. Zero-trust involves continuous identity verification for all users, even those working on well-known devices.
Zero-trust is a relatively new cybersecurity design that was created as a response to changes in working conditions, such as an increase in remote work and the use of cloud environments. By rethinking how to design networks and which security tools and solutions to use, zero-trust can help reduce the total number of alerts businesses need to grapple with.
Artificial intelligence and machine learning
Businesses struggling with an overload of alerts and security tools can also consider making the shift to using a security artificial intelligence (AI) and automation tool. These tools are the opposite of security system complexity, as they use AI, machine learning and analytics to identify and contain potential cyberattacks.
While these systems will require the use of an outside vendor, IBM’s Cost of a Data Breach 2022 report found that using such systems was the single most effective tool for lowering the cost of a data breach: Data breaches for businesses with a fully deployed security AI and automation tool cost 65.2% less than they do for businesses without any security AI and automation tools deployed.
Managed service providers
Businesses without the technical ability to fully replace or redesign their security systems can also consider outsourcing their security and turning to a managed services provider (MSP) for help managing their detection and response capabilities. An MSP can also help a business to maintain its networks and perform updates as necessary to keep systems running smoothly.
What is the future of alert fatigue?
Unless businesses take conscious action to reduce security system complexity and manage alerts, alert fatigue is likely to get worse in the coming years. The security industry, the nature of work and cyberthreats are all becoming increasingly sophisticated. This will only increase the number of alerts businesses must triage.
However, alert fatigue is not inevitable, and solutions exist that can help lower overall complexity, reduce employee burnout and ultimately lower the cost of a data breach. Even simple measures can ultimately improve a business’s security and reduce the number of alerts. To learn how to quickly improve cybersecurity for SMBs, read our guide.
Courtesy- https://www.businessnewsdaily.com/security/smb-risk
