Alert Overload Distressing 70% of SecOps Teams

Written by

Nearly three-quarters of security operations (SecOps) leaders say their home lives are being impacted by the stresses of alert overload, according to a new global study from Trend Micro.

The security vendor polled over 2300 cybersecurity decision-makers that run Security Operations Centers (SOCs) or SecOps from within their IT security function, to compile its report, Security Operations on the Back Foot.

It revealed the inadequacy of current tooling to help them prioritize alerts generated from multiple security controls across the organization.

Over half (51%) said their team is being overwhelmed by the volume of alerts and 55% admitted that they aren’t confident in their ability to prioritize and respond to them. On average, respondents said they’re spending over a quarter (27%) of their time dealing with false positives.

This is taking its toll emotionally: 70% claimed they feel so stressed outside of work that they’re unable to switch off or relax, and are irritable with friends and family.

In the SOC or IT security department, many admitted to turning off alerts (43%), walking away from their computer (43%), hoping another team member will step in (50%), or ignoring alerts entirely (40%).

"We're used to cybersecurity being described in terms of people, process and technology. All too often, though, people are portrayed as a vulnerability rather than an asset, and technical defenses are prioritized over human resilience,” argued cybersecurity researcher Victoria Baines.

“It's high time we renewed our investment in our human security assets. That means looking after our colleagues and teams, and ensuring they have tools that allow them to focus on what humans do best."

The figures chime with research from Sumo Logic last year which revealed that 99% of organizations are experiencing high volumes of alerts which cause issues for SecOps teams. A further 83% admitted this leads to alert fatigue for staff.

What’s hot on Infosecurity Magazine?