Firms Waste $1.3 Million Each Year on False Positives

US companies spend $1.3 million each year addressing cybersecurity alerts which turn out to be false alarms, wasting nearly 21,000 man-hours, according to new research from the Ponemon Institute.

The analyst spoke to over 600 IT and IT security professionals in US enterprises to compile its Cost of Malware Containment report, sponsored by security vendor Damballa.

It found that firms get almost 17,000 malware alerts each week but only 19% are deemed reliable.

Respondents also admitted that 40% of infections aren’t spotted by their malware prevention tools, increasing the risk of a serious data breach.

The problem is getting worse. Some 60% of those interviewed by Ponemon said the severity of malware infections had increased over the past year.

Organizations’ response to infections is also disjointed, the study found.

A third of respondents said they only have an ad hoc approach to incident response, while 40% claimed that no one function in the company is responsible for containing malware.

Damballa CTO Brian Foster argued that organizations have to change their mindset from preventing attacks to detecting and responding to infections before theft occurs.

“If you can filter out the noise and focus on what matters, the challenge becomes more bearable. If you can automate as many manual processes as possible, the challenge becomes manageable for respondents,” he told Infosecurity.

“Breach readiness always involves people, processes and technology. If one is off-kilter it has a trickle down and across effect. When it fails, the burden shifts from tools to people and there aren’t enough skilled staff or hours in the day to deal with the repercussions. That’s why we see so many companies getting breached.”

There’s no quick fix for firms which aren’t approaching cybersecurity in the right way, but Foster recommended a measured “assess and amend” approach as opposed to “rip and replace.”

“First, assume you will be breached and start thinking like a cyber-criminal. Have a firm grip of what data is most valuable to your organization, where it is kept and who has access to it. Try to find the holes in your security program before someone else does,” he advised.

“When you find a weakness, determine if you can address with existing people, processes and technologies. If not, amend your program accordingly. That may require updating policies, refocusing staff and integrating or considering new technologies that could boost your state of breach readiness.”
