Two-thirds of time spent responding to malware alerts is wasted
Organizations are increasingly bombarded with malware reports and that can lead to wasted time dealing with false alarms or minor issues.
A new report from The Ponemon Institute, commissioned by breach defense specialist Damballa, reveals that two-thirds of the time spent by security staff responding to malware alerts is wasted because of faulty intelligence.
The survey of 551 IT and IT security practitioners across EMEA (Europe, Middle East and Africa) finds that teams spend, on average, 272 hours each week responding to 'false positive' cyber alerts -- due to erroneous or inaccurate malware information. This equates to an average cost of £515,964 (around $800,000) annually, for each organization, in lost time.
The findings show that organizations are dealing with nearly 10,000 malware alerts per week; however, only 22 percent of these are considered reliable. More worryingly, only a small fraction -- 3.5 percent -- of all alerts are deemed to be worthy of further investigation. IT teams could therefore be struggling with the resources, or expertise, to block or detect serious malware.
"These findings are significant as they highlight the real impact of false malware intelligence. Not only are teams devoting valuable time and resources to hunting down the false positives but they’re also in danger of missing the real infections, which could have a devastating impact," says Stephen Newman, CTO of Damballa. "The severity and frequency of attacks is increasing, so the focus really needs to be on building better intelligence, which means that organizations will have the confidence of knowing exactly where the real threats are. This means that teams can direct their efforts where it is most needed; on finding and quickly remediating the active infections".
Among the report's other findings, fifty-seven percent of respondents say the severity of malware infections has significantly increased or increased in the past year. Yet whilst the severity of infections is rising, nearly a quarter of respondents (23 percent) say that they have an 'ad hoc' approach to containment, with 38 percent having no one person accountable for the containment of malware.
Only 37 percent of respondents reported that their organization has automated tools to capture intelligence and evaluate the true threat of malware. Organizations that do have automated tools report that an average of 44 percent of malware containment does not require human input or intervention and can be handled automatically.
The full report is available to download from the Damballa website.