Enterprises in Europe, the Middle East and Africa spend 272 hours a week or nearly £516,000 a year on average dealing with false positive cyber security alerts, a Ponemon Institute study has revealed.
Organisations are dealing with nearly 10,000 malware alerts a week, but only 22% are considered reliable and only 3.5% are deemed worthy of further investigation, according to the Cost of malware containment study commissioned by automated breach detection firm Damballa.
A similar study in January 2015 revealed that US enterprises spend $1.3m (£831,000) on average each year dealing with false positive cyber security alerts.
According to the Ponemon Institute report, the latest study’s findings, which are based on responses from more than 500 IT and security professionals, suggest that IT teams are struggling with the resources, or expertise, to block or detect serious malware.
The study also revealed that respondents reported a significant increase in the volume (47%) and severity (14%) of malware in the past year.
While the severity of infections is rising, the study showed that nearly a quarter of respondents report that they have an “ad hoc” approach to containment, with 38% claiming that there is no one person accountable for the containment of malware.
The study revealed that only 37% of respondents reported that their organisation has automated tools that capture intelligence and evaluate the true threat driven by malware.
Organisations that do have automated tools report that an average of 44% of malware containment does not require human input or intervention and can be handled by these automated tools.
“These findings are significant as they highlight the real impact of false malware intelligence. Not only are teams devoting valuable time and resources to hunting down the false positives but they are also in danger of missing the real infections, which could have a devastating impact,” said Damballa chief technology officer Stephen Newman.
“The severity and frequency of attacks is increasing, so the focus really needs to be on building better intelligence, which means that organisations will have the confidence of knowing exactly where the real threats are. This means that teams can direct their efforts where it is most needed; on finding and quickly remediating the active infections,” he said.
Newman said the importance of finding and responding to active malware infections is underlined by the UK government’s latest information security breaches survey, conducted by PwC, which revealed that 90% of large companies have suffered a data breach over the past year at an estimated cost of between £1.46m and £3.14m.