Data/Cyber

Cyber-alert stats paint stark picture

BY Matt Atkins

The average US firm faces 10,000 potential cyber-security alerts daily, more than any IT team can possibly process, according to an analysis of web traffic by threat protection and containment firm, Damballa. The Damballa State of Infections Report Q1 2014 culled information from ISP and mobile traffic, as well as its own customers, finding that the busiest networks generated up to 150,000 alerts.

While the report makes clear that a large number of these alerts are innocent, the problem lies in the sheer volume of alerts that firms face. The scale of the problem leaves most IT teams with little hope of keeping on top of the daily alerts, allowing infected systems to hide more easily. “Bystanders may think it’s outrageous that a breach could go undetected for months,” says Damballa. “Main-stream media has certainly stirred the pot with stories about security teams ignoring alerts. But the people engaged in daily hand-to-hand combat know that an alert doesn’t equal an infection – and that’s part of the problem.”

Large multinational firms with a global reach face up to 97 active infected devices per day, according to the report, a relatively small amount. However, the manual work required to actually find infections is the number one security challenge. An overload of security alerts aids cybercriminals such as those who attacked firms in the US retail sector during 2013. During the time of its three-month security breach, Neiman Marcus experienced 30,000 security alerts. Sifting the alerts that indicated criminal activity from false positives and innocent but anomalous behaviour, extending the period in which the firm was under attack.

Traditional IT security controls can't stop today's threats, says the report. Organisations need to automate labour-intensive processes like alert chasing and focus on discovering successful infections and triage the devices at most risk. “There aren't enough trained security professionals in the world to solve the problem,” says Damballa.

Report: State of Infections Report Q1 2014

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.