Your cybersecurity team walks into the office, and their day is instantly taken off the rails. They get an alert informing them that something on the network is acting suspiciously. It isn’t necessarily a threat, but they don’t have the tools to know for sure. After looking into it, they learn that a SaaS provider for one of their departments delivered an update that caused a service degradation. Thankfully, it isn’t an attack.
But organisations take a significant risk in relying on technology alone, however advanced. While good security technology can provide part of the answer, the sheer number of alerts generated demands constant attention. Without the right resources to analyse and manage these outputs, critical alerts may end up being ignored.
Medical devices, subway car doors, severe weather warnings, heavy machinery, car alarms, software security alerts. They all notify you to indicate that something is wrong so that you can take action to prevent harm. Hospital monitors can detect a wide range of issues, from an incorrect dose of medication to an irregular heartbeat and beyond. They can quite literally save a life. The same goes for severe weather alerts that warn of impending tornadoes or hurricanes.
With the work-from-home shift showing little signs of letting up and new IT spending habits taking shape, organizations should prepare themselves now for an adjustment in security strategy in 2021. The obvious ramifications of remote work from a security operations perspective has meant an increase in threats, as well as a doubling down of the cloud-first mentality which has helped organizations maintain business as usual and nimbly react to new WFH dynamics. What does 2021 hold?
Alert fatigue is a well-known phenomenon with security products – the security team gets a lot of alerts (from the SIEM, for example), it tries to triage and act upon all of them, but at some point, they are so many and so few of them are actual threats, that the security team just ignores them. And that leads to both overworked security teams and an increased risk for missing an actual threat. Why is that happening? It’s hard to tweak a system right, no matter how flexible it is.