Knowledge is power. But too much knowledge can be debilitating. Security practitioners have been sounding the alarm that a flood of data alerts is undermining, rather than supporting, their efforts to keep business systems secure. What's going on?
Challenges in maintaining situational awareness from multiple data alerts
Stakeholders report that serious challenges have emerged that blunt the effectiveness of data alerts, many of them rooted in the kind and quality of the alerts themselves.
The data in those alerts is often too granular to be actionable on its own: a single alert rarely carries enough context to tell a responder what happened or what to do next. And because it comes from noisy sources, the data is often wrong or misleading, leaving responders tilting at windmills or jumping at shadows.
The most acute challenge, though, is volume. The rising pace of automated notifications has created alert fatigue.
What is alert fatigue?
Alert fatigue sets in when an overwhelming number of alerts desensitizes the people responding to them, so that individual alerts are dismissed even when they carry valuable information.
The effects of alert fatigue were first studied in public healthcare after the introduction of clinical decision support systems. Academic researchers subsequently noted that: “Despite their benefits, clinical decision support systems are sometimes criticized for issuing excessive alerts about possible drug interactions that are of limited clinical usefulness… (Kesselheim et al).”
The excessive warnings caused alert fatigue. Physicians receiving too many of them came to ignore individual alerts that turned out to be useful. The result was a loss of effectiveness in the systems themselves, with adverse consequences.
Cybersecurity experts, for their part, have also decried their growing alert fatigue, particularly as the pandemic drove a sharp rise in alert volume.
How bad has the issue become?
The precipitous rise in data alerts in cybersecurity
In 2021, the International Data Corporation (IDC) issued a report on the effects of escalating cyber alerts on cyber response.
The numbers weren't pretty. Surveyed staff reported spending more time per alert (32 minutes) on alerts that turned out to be false leads than on actionable alerts.
As a result, more than a quarter (27 per cent) of all alerts were ignored or not investigated in mid-sized corporations. Slightly larger organizations (1,500 to 4,999 employees) saw personnel ignore nearly a third of all alerts.
Alert fatigue affecting morale and causing employee churn
Beyond that, alert fatigue is also creating risk for recruitment and retention.
Employees, particularly Security Operations Center (SOC) staffers, acknowledge not wanting the thankless task of wading through innumerable data alerts, many of which turn out to be false positives.
Meanwhile, employers have ramped up security spend on tools that generate even more alerts, without adding the staff needed to triage the ones that are actionable.
The net effect is higher risk across the board: the staff who remain assume alerts are false, and organizations miss more genuine alerts, respond more slowly, and leave compromised systems unnoticed.
What then can be done? Just as the wrong technology can exacerbate alert fatigue, the right solution can mitigate it, ensuring that actionable data alerts get through in a format that encourages speedy triage.
What is needed is investment in operational security management that deploys the right information-management frameworks (or triggers). To learn more, download our Authoritative Guide to Data Alerts.