Orca Security has launched its Orca Security 2022 Cloud Security Alert Fatigue Report, the industry’s first research report on public cloud security alert fatigue. It reveals that Australian security teams are inundated with inaccurate cloud security alerts.
The research report, which surveyed IT and Security professionals across multiple industries, found that 61% of Australian respondents receive more than 500 cloud security alerts per day. A large number of which are inaccurate or unnecessary; over a third (36%) of respondents said more than 40% of their alerts are false positives. Furthermore, 42% of respondents claim more than 40% of alerts are low priority.
The overload of alerts, combined with widespread inaccuracy of the alerts is not only contributing to turnover but also is resulting in many Australian businesses missing critical alerts. Of the 56% of respondents who say that critical alerts are being missed, 39% said alerts are being missed on a weekly basis, and 20% said on a daily basis.
“Multiple, disconnected tools continue to plague security teams. Having to sift through hundreds of ‘high priority’ often meaningless alerts is causing security practitioners to become overwhelmed and leading to burnout and turnover. Australia is already in the midst of ongoing skills shortage, with technology and cybersecurity staff in high demand, as a result of COVID enforced border closures. Businesses therefore need to leverage technology to lighten the workload for staff, rather than having technology complicate tasks, in order to retain good talent.” said Avi Shua, CEO and co-founder, Orca Security.
“Practitioners should be enabled to focus on the very few toxic combinations of alerts and attack paths that can put their crown jewels in jeopardy, rather than trying to review thousands of meaningless alerts which are occurring as a result of businesses using multiple siloed public cloud security tools. Australian businesses need to work smarter not harder, and consolidate their tools, in order to protect their most valuable assets – their people and their data ” concludes Avi.
Additional Australian findings suggest that security teams may be in denial about the effectiveness of their multiple security tools:
- 61% have five or more public cloud security tools.
- 94% of respondents say they feel confident or very confident in the accuracy of their security tools, even though 36% say more than 40% of their alerts are false positives.
- 97% of respondents say they are satisfied or very satisfied with how their security tools prioritise risk, even though 42% say that more than 40% of alerts are low priority.
You can read the full report here.
