Alert Fatigue: A Hidden Cybersecurity Threat
May 4, 2023 - Ellie Gabel
Revolutionized is reader-supported. When you buy through links on our site, we may earn an affiliate commission.
Imagine living with a faulty smoke detector. The random beeping would be annoying and stressful because the house could really be on fire, and ignoring the alarm even once could spell disaster.
Many IT professionals are inundated with constant security alerts, many of which are false alarms. The burnout associated with fending off alarms every day is called alert fatigue. Here’s how it can affect IT team members and steps that can be taken to minimize burnout leading to resignations.
Crying Wolf
One of the biggest contributors to alert fatigue is false positives. Many security alert systems are very sensitive but not specific enough to determine whether unusual activity is truly suspicious. Therefore, erring on the side of caution, they sound the alarm even in the absence of a threat — much to the chagrin of cybersecurity specialists.
For example, the security system might issue an alert when someone logs in from an unknown location. The employee may be working from home or another town, but the system doesn’t know that and will treat the incident as a potential emergency. It lacks an understanding of context.
About 81% of surveyed IT professionals said over one-fifth of their cloud security alerts were false positives. A real cybersecurity alert may take just half an hour to resolve, but false positives take longer because they often lead employees on a wild goose chase.
Over time, false positives can lead teams to ignore real security alerts, as was the case with Target’s 2013 data breach. Security company FireEye raised the alarm at least five times after noticing malware on Target’s network, but the retail giant’s security team in Minneapolis brushed off the alerts.
The malware was able to exfiltrate data for nearly two weeks before law enforcement finally stepped in. The incident was one of the largest retail breaches in U.S. history.
A Firehose of Information
Even legitimate alarms contribute to alert fatigue. Managed service providers receive constant updates about suspicious activity or harmful files that could endanger their clients’ systems. Monitoring tools like Security Information and Event Management (SIEM) and Cloud Security Posture Management (CSPM) issue alerts for minor anomalies that can be ignored or fixed later.
Cybersecurity teams at companies with over 5,000 employees ignore roughly 23% of their alerts due to the sheer volume. That makes it more likely that a truly serious threat will slip through the cracks. It’s especially hard to stay vigilant when a security system treats every alarm equally since critical issues can become lost in a deluge of minor problems.
This issue comes at a time when cybercrime is more prevalent than ever. The average global cost of a data breach was $4.35 million in 2022 and that number will likely continue to rise as bad actors become more sophisticated. With threats ranging from phishing to ransomware, cybersecurity teams have a tall order to fill when it comes to protecting their clients.
Managing Alert Fatigue
Burnout is one of the leading reasons people resign, and the cybersecurity field is no exception. There is a large talent shortage and a high turnover rate in cybersecurity. Alert fatigue contributes to feeling exhausted, stressed or helpless at work.
How can IT professionals handle the constant alerts and regain control over their workday? Here are some actionable steps companies can take to minimize or eliminate alert fatigue.
Prioritization
Implementing a triage system that prioritizes significant threats over less relevant ones is crucial. IT teams can fine-tune their cybersecurity tools so that only major security alerts come through, or so that alerts are sorted by relevance before anyone has to look at them.
Third-Party Management
The team might be at capacity, and putting more on their plates could lead to further burnout. In that case, organizations should look into hiring extra staff to manage the constant alerts. The additional cost could be worth it to retain talented team members.
Bulk Actions
Checking off items one at a time is tedious. Allowing teams to act on logical groups of alerts by taking bulk actions — like moving them to an open investigation as a group — can save time and reduce stress.
Specification
Vague or unclear alerts are another time waster. Implementing more actionable notifications lets employees know how to handle each issue immediately.
Cybersecurity companies should tweak their alert systems to ensure the notifications are clear and concise. They should also train employees on what each type of alert means and how to handle them.
Regular Reviews
Security organizations should constantly review their alert systems and look for ways to update them. If multiple team members suffer from alert fatigue, it’s time to investigate what’s going wrong and how to improve things.
Looking at the history of all changes made to a multicloud environment — along with actionable insights into potential threats to the infrastructure — can guide employees on which steps to take to prevent future problems.
Checklists
Teams can create checklists to automate handling alerts. Rather than employees stopping and considering the appropriate action for each one, they can use their list to quickly sort through incoming messages and decide what to do with them. Running through a checklist is an actionable way to handle many tasks in almost any job.
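The mitigations above (context-aware suppression of the "login from an unknown location" false positive, severity-based prioritization, grouping related alerts for bulk action, and attaching a checklist-style action to every notification) can be combined in a small triage step in front of the analyst queue. This is an added illustration, not code from the article; the alert fields, the known-location table and the playbook strings are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample alerts, as a SIEM might emit them (field names are assumptions).
SAMPLE_ALERTS = [
    {"id": 1, "type": "login_unknown_location", "user": "alice", "src_country": "DE", "asset": "vpn"},
    {"id": 2, "type": "login_unknown_location", "user": "bob", "src_country": "BR", "asset": "vpn"},
    {"id": 3, "type": "malware_detected", "user": None, "src_country": None, "asset": "pos-17"},
    {"id": 4, "type": "malware_detected", "user": None, "src_country": None, "asset": "pos-18"},
    {"id": 5, "type": "config_drift", "user": None, "src_country": None, "asset": "log-bucket"},
]

# Context the raw detector lacks: countries each employee is known to work from (constructed).
KNOWN_LOCATIONS = {"alice": {"US", "DE"}, "bob": {"US"}}

# Base severity per alert type; anything below PAGE_THRESHOLD goes to the queue, not the pager.
BASE_SEVERITY = {"malware_detected": 90, "login_unknown_location": 50, "config_drift": 20}
PAGE_THRESHOLD = 80

# Checklist-style actions so each notification says what to do, not just what happened.
PLAYBOOK = {
    "malware_detected": "Isolate {asset} from the network and collect a memory image",
    "login_unknown_location": "Confirm travel with {user}; if unconfirmed, revoke active sessions",
    "config_drift": "Diff {asset} against baseline; fix in the next change window",
}

def score(alert):
    """Return a severity for the alert, or 0 if context shows it is a known-benign case."""
    if alert["type"] == "login_unknown_location":
        if alert["src_country"] in KNOWN_LOCATIONS.get(alert["user"], set()):
            return 0  # employee is somewhere they normally work from: suppress, do not page
    return BASE_SEVERITY.get(alert["type"], 10)

def triage(alerts):
    """Suppress context-explained alerts, group the rest by type, and rank groups by severity."""
    groups = defaultdict(list)
    for alert in alerts:
        severity = score(alert)
        if severity > 0:
            groups[alert["type"]].append((severity, alert))
    cases = []
    for alert_type, items in groups.items():
        top = max(severity for severity, _ in items)
        cases.append({
            "type": alert_type,
            "severity": top,
            "page": top >= PAGE_THRESHOLD,              # only the worst cases interrupt someone
            "alert_ids": [a["id"] for _, a in items],  # one case per group enables bulk actions
            "actions": [PLAYBOOK[alert_type].format(**a) for _, a in items],
        })
    cases.sort(key=lambda case: -case["severity"])
    return cases
```

Running `triage(SAMPLE_ALERTS)` drops alert 1 entirely, pages once for the two malware hits as a single case, and leaves the remaining login and drift alerts in the queue with their next action already attached.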
Artificial Intelligence
AI sorting systems use anomaly detection to look for unusual behaviors that could indicate a threat. They group data points into different categories to help teams identify the most important alerts. Machine learning also uses correlation to identify relationships between disparate data points and regression to look for trends over time.
Implementing better anomaly detection engines lets cybersecurity teams filter out much of the noise from incoming alerts before a problem even reaches their desk.
Combatting Alert Fatigue
Although cybersecurity incidents are rising, the number of alerts doesn’t have to become overwhelming. IT professionals can take several steps to minimize the number of alarms coming through, prioritize them by relevance and make them easier to handle. These mitigation efforts should reduce some of the stress cybersecurity employees experience at work.
Author
Ellie Gabel
Ellie Gabel is a science writer specializing in astronomy and environmental science and is the Associate Editor of Revolutionized. Ellie's love of science stems from reading Richard Dawkins books and her favorite science magazines as a child, where she fell in love with the experiments included in each edition.