‘The Attackers are Winning’ as Alert and Security Fatigue Sinks In

Enterprise security teams receive an average of 4,484 alerts per day, and over two-thirds (67%) of these alerts are simply ignored. It’s getting to the point where 67% of security analysts are considering or actively leaving their jobs, citing factors such as stress, lack of leadership empathy, and poor-quality security alerts.

Unfortunately, while tech bandits never seem to run out of energy, many security professionals are facing burnout and exhaustion.

That’s the word from a recent survey of 2,000 security analysts, published by Vectra AI, which finds alert noise and time spent on alert triage are increasing. “Detection blind spots and false positives are growing, and security analyst alert fatigue, burnout, and turnover are at a tipping point,” the report’s authors warn.

Add to the challenge is a reported 3.4-million person talent deficit, they add. “Today’s threat detection and response is broken, and it’s pushing humans to the brink. Is it time for organizations to rethink traditional industry approaches to threat detection and start holding vendors accountable for the efficacy of their signal? This research indicates yes, because attackers are winning.”

The challenge is a combination of too many false alarms, combined with too many unknowns. Most security analysts (97%) worry they’ll miss a relevant security event because it was buried in a flood of security alerts, the survey shows. At the same time, nearly three-quarters (71%) of analysts admit
the organization they work in may have been compromised and they don’t know about it yet.

Detecting, investigating, and stopping advanced cyberattacks at scale and speed is becoming increasingly unsustainable with the complexity of people, processes, and technology.

A majority of analysts say the size of their organization’s attack surface (63%), the number of security tools (70%) and alerts (66%) they manage have significantly increased in the past three years. “A perfect storm of an ever-expanding attack surface, highly evasive and emerging attacker methods, and increasing workloads is resulting in a vicious spiral of more for security teams,” the survey’s authors state.

See also: Cybersecurity Will Shift in 2023 Thanks to AI

The Vectra authors recommend that security teams apply stronger measurements to their progress in warding off attackers. “Currently, most measure security operations maturity via factors like reduced downtime (65%), time to detect, investigate and respond (61%), breaches prevented (61%), and the number of tickets dealt with (60%). But it’s debatable how useful prioritizing the continuous measurement of such metrics is if the organization is breached unknowingly on a continual basis.”

While vendors need to step up and take a more active role in cybersecurity, the authors encourage a re examination of their enterprises’ entire decision-making process. Almost two in five (38%) claim that tools are often purchased more as a “box-ticking exercise” to meet compliance requirements. Plus, nearly half (47%) wish that other IT team members would consult with them before investing in new products.