Businesses are drowning under torrents of cyber alerts.
Not only has the number of attacks increased; coincidentally (and somewhat ironically), so has Australian companies’ ability to detect them.
The recent Cisco Asia Pacific CISO Benchmark Study makes interesting reading, with 65% of Australian respondents saying they are suffering from cyber security fatigue.
That is more than twice the number of their colleagues in other Asia Pacific countries.
With 69% of the 209 respondents also saying their organizations receive more than 100,000 alerts every single day (yes, that’s over one alert per second), this avalanche is the source of enormous stress and cost.
Also, there are no signs of this volume abating… quite the contrary in fact.
The encouraging news is that Australian companies appear to do better than their colleagues in Asia Pacific at investigating these incidents. However, this is tempered somewhat by the fact that only 33% of all alerts are found to be legitimate.
The really bad news is in the process of alert remediation where, at 38%, Australia lags its global and regional peers in actually fixing the problems.
Are we too busy investigating to be remediating?
Should we care?
Well, if you recall Aesop’s famous tale, one of the key lessons is that “False alarms are no laughing matter”.
So yes, we should care.
When the real wolf appears (and he will), we need to trust the pertinence of the data and have the resources at hand to be ready and able to respond, not be drowning under a weight of irrelevancies.
But here’s the rub. For most companies, playing this unending game of “whack-a-mole” all by themselves is a losing game.
We tend to think of the new world of cyber security as requiring more technical skills along with technical “solutions”, and then go hunting the market for those elusive unicorns.
Maybe it’s time to think differently and accept that, for most companies, the role of alert monitoring and triage is simply best left to experts: companies that have the technology, the processes and the staff to do this 24/7.
With the right MSSP engagement, with SLAs that hold them to quality metrics (not just quantity), busy Australian IT departments might then be able to re-center their internal technical resources on architecture simplification, driving security learning and, most important of all, prompt and effective remediation.
Of course, we could continue to let the systems “cry wolf”. But as we know, that’s not such a happy ending.