False malware alerts cost enterprises $1.3m a year on average

The average enterprise spends $1.3m a year dealing with false positive cyber security alerts, a Ponemon Institute study has revealed

Enterprises spend $1.3m a year on average dealing with false positive cyber security alerts, a Ponemon Institute study has revealed.

The cost includes nearly 21,000 hours of IT security practitioner time wasted annually, according to the Cost of Malware Containment report, commissioned by security firm Damballa.

The report is based on a survey of more than 600 US IT and IT security practitioners to determine the true cost of dealing with today’s volume of malware threats.

The research found that organisations receive an average of nearly 17,000 malware alerts a week; only 19% are considered reliable or worthy of action.

Security teams are unnecessarily occupied with following up false alerts, which can distract them from dealing with real threats, the report said.

Compounding the problem, respondents believe their prevention tools miss 40% of malware infections in a typical week, increasing the risk of breach.

More on security automation

The study also found that 60% of respondents felt the severity of malware infections has risen, with 16% regarding the increase as “significant”.

Even so, when asked about how their organisation handles malware containment, 33% of respondents said they take an unstructured or ad hoc approach, and 40% said no one person or function is accountable for containing malware.  

Only 41% of respondents said their organisation has automated tools that capture intelligence and evaluate the true threat caused by malware.

Respondents at organisations with automated tools report that an average of 60% of malware containment does not require human input or intervention and can be handled automatically, the report said.

"These findings confirm not only the sheer scale of the challenge for IT security teams in sifting out the real threats from tens of thousands of false alarms, but also the huge financial impact in terms of time,” said Brian Foster, chief technology officer at Damballa.

With the severity and frequency of attacks growing, Foster said teams need a way to focus on responding to true positive infections to get a firmer grip on their security posture.

“It is more important than ever for teams to be armed with the right intelligence to detect active infections to reduce their organisation's risk exposure and make the best use of their highly skilled, limited security resources,” said Foster.

Read more on Hackers and cybercrime prevention