Many businesses don’t know if they have suffered a data breach, and probably wouldn’t be able to spot such an event at all, due to the ever-expanding threat landscape and notification fatigue among IT staff, new research has claimed.
A report from cybersecurity experts Vectra AI surveying more than 2,000 IT security analysts found that nearly all (97%) are worried they’ll miss important security events, while 71% admitted to possibly being compromised, but not knowing.
Two key reasons for this are a threat landscape that keeps growing and an endpoint tech stack that often only makes things worse. For 63% of the respondents, their attack surface grew this year. For 70%, the number of security tools in use grew as well, while for 66%, the number of alerts rose “significantly”.
“This is creating a ‘spiral of more’ which threatens to overwhelm their ability to respond quickly to alerts and manage breaches and is causing analysts to consider leaving their jobs,” the company said in a press release.
On average, IT teams get almost 4,500 alerts, while only being able to address roughly two-thirds of those (67%). Two in five think it’s only a matter of time before they miss something major, and agree that the security tools they work with only increase their workload. They also believe they’re being flooded with “pointless alerts”.
That’s why most SecOps professionals are considering quitting their jobs. Many are actively looking for new roles. Two in five want to leave because they’re spending too much time going through pointless alerts, while a third feel constant stress, burnout, and “mind-numbing” boredom.
“The current approach to threat detection is broken, and the findings of this report prove that the surplus of disparate, siloed tools has created too much detection noise for SOC analysts to successfully manage and instead fosters a noisy environment that’s ideal for attackers to invade,” said Kevin Kennedy, senior vice president of products at Vectra AI. “As an industry, we cannot continue to feed the spiral, and it’s time to hold security vendors accountable for the efficacy of their signal. The more effective the threat signal, the more cyber resilient and effective the SOC becomes.”