Whether you’re in a large security operations centre (SOC) or a smaller IT and security team, the barrage of alerts from security information and event management systems (SIEMs) and other cybersecurity tools can be overwhelming and, over time, cause alert fatigue.
Alert fatigue occurs when cybersecurity professionals are so inundated with security alerts that they tune out or grow apathetic toward the alerts coming in, potentially leaving companies exposed to security risks.
According to CyberCrime Magazine, cybersecurity teams at companies with more than 5,000 employees ignore an average of 23% of alerts, and companies with 1,500-4,999 employees ignore about 30% of alerts. One can see how this is a huge liability for companies in the face of a growing number of cyber attacks.
Here are some ways your organisation can deal with alert fatigue:
- Take it seriously. It is a problem that needs to be addressed in organisations of all sizes. Companies should craft policies that build in redundancy and regular breaks for security team members, and should acknowledge the challenge openly with the team, creating an open line of communication.
- Fine-tune your security tools. SIEMs and other security tools offer fine-tuning and customisation to help cut down on the number of false positives and low-risk events. Configuration takes time and needs to be refreshed as the environment changes, but it is worth the investment.
- Establish priority-based triage. By establishing parameters and configuring your security tools so that they prioritise alerts by risk level and immediately surface the basic information needed to address the risk, you save your team the time and effort of tracking down that information for every alert.
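The tuning and triage steps above, as an added illustration that is not part of the original post: a small Python triage pass that drops a rule tuned out as known scanner noise, collapses repeated alerts for the same rule and host, parks events below a risk threshold for batch review instead of paging, and ranks the rest by severity weighted against asset criticality. The severity weights, threshold, suppressed rule and sample alerts are all constructed for this example, not taken from any particular SIEM.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed tuning values; in practice these come from your SIEM's rule
# tuning and your asset inventory, and are revisited as the environment changes.
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 6, "critical": 10}
SUPPRESSED_RULES = {"vuln-scanner-portscan"}  # tuned out: authorised scanner noise
MIN_SCORE = 3  # below this, park for batch review rather than interrupting an analyst


@dataclass
class Alert:
    rule: str
    severity: str
    host: str
    asset_criticality: int      # 1 (lab box) .. 5 (crown jewel), from asset inventory
    context: Dict[str, str]     # the basic information an analyst needs first


def risk_score(alert: Alert) -> int:
    """Severity alone is not risk: weight it by how much the asset matters."""
    return SEVERITY_WEIGHT[alert.severity] * alert.asset_criticality


def triage(alerts: List[Alert]) -> Tuple[List[dict], List[dict]]:
    """Return (queue, parked): queue is ranked by risk, parked holds low-risk events."""
    buckets: Dict[Tuple[str, str], dict] = {}
    for a in alerts:
        if a.rule in SUPPRESSED_RULES:       # tuned-out rule: never reaches a person
            continue
        key = (a.rule, a.host)               # duplicates collapse into one entry
        entry = buckets.setdefault(key, {"rule": a.rule, "host": a.host,
                                         "score": risk_score(a), "count": 0,
                                         "context": a.context})
        entry["count"] += 1
    ranked = sorted(buckets.values(), key=lambda e: (-e["score"], -e["count"]))
    queue = [e for e in ranked if e["score"] >= MIN_SCORE]
    parked = [e for e in ranked if e["score"] < MIN_SCORE]
    return queue, parked


SAMPLE_ALERTS = [  # constructed sample data, not real telemetry
    Alert("failed-login-burst", "medium", "web-01", 3, {"user": "svc_deploy", "src": "10.0.5.7"}),
    Alert("failed-login-burst", "medium", "web-01", 3, {"user": "svc_deploy", "src": "10.0.5.7"}),
    Alert("failed-login-burst", "medium", "web-01", 3, {"user": "svc_deploy", "src": "10.0.5.7"}),
    Alert("vuln-scanner-portscan", "low", "db-01", 5, {"src": "10.0.9.2"}),
    Alert("malware-detected", "critical", "db-01", 5, {"file": "C:\\Temp\\x.exe", "verdict": "quarantined"}),
    Alert("policy-violation", "low", "lab-03", 1, {"detail": "USB storage mounted"}),
]

if __name__ == "__main__":
    queue, parked = triage(SAMPLE_ALERTS)
    for e in queue:
        print(f"{e['score']:>3}  {e['rule']} on {e['host']} x{e['count']}  {e['context']}")
    print(f"parked for batch review: {[e['rule'] for e in parked]}")
```

Six raw alerts become two items an analyst must look at, ordered so the critical hit on the crown-jewel host comes first with its context already attached, plus one parked low-risk event.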
If you’re looking for support for your IT team or need assistance in establishing robust security management tools with fine-tuned alerts to minimise alert fatigue, we’re here to help. Contact our team to learn more.