US firms spending millions on false positive security alerts

US$ 1.3 million spent on false positive cyber-security alerts

US firms spending millions on false positive security alerts
US firms spending millions on false positive security alerts

A new report on the costs of malware containment has revealed that US firms are spending approximately US$1.3 million (£860,000) a year dealing with false positive cyber-security alerts, the equivalent of nearly 21,000 hours of man hours.

The study – which was commissioned by Damballa and carried out by The Ponemon Institute - sought to understand how companies respond to malware attacks, and it found that organisations were often responding with ‘ad hoc' incident plans or – worse still – were often wasting their time and resources on investigating ‘false positive' security incidents.

In a typical week, US organisations are said to receive an average of nearly 17,000 malware alerts and yet only 19 percent of these deemed ‘reliable' or worthy of remediation action.

This issue is further compounded by weak security tools – respondents claimed that their prevention technologies miss 40 percent of malware infections in a typical week, a worrying statistic considering that the majority of respondents (60 percent) also reported that the severity of malware infections had increased in the last year.

Companies' incident plans were also considerably mixed in their maturity; 33 percent of organisations said that they had an unstructured or “ad hoc” approach to the process while 40 percent said that no one person of function was accountable for trying to contain malware.  41 percent of respondents said their firms had automated tools to capture intelligence and evaluate the threat.

Brian Foster, CTO of Damballa, said in a statement: "These findings confirm not only the sheer scale of the challenge for IT security teams in sifting out the real threats from tens of thousands of false alarms, but also the huge financial impact in terms of time. The severity and frequency of attacks is growing, which means that teams need a way to focus on responding to true positive infections if they are to get a firmer grip on their security posture.”      

"It's more important than ever for teams to be armed with the right intelligence to detect active infections to reduce their organisation's risk exposure and make the best use of their highly-skilled, limited security resources."