Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

False Positive Alerts Cost Organizations $1.3 Million Per Year: Report

A new report published on Friday shows that organizations in the United States waste large amounts of money on dealing with erroneous malware alerts.

A new report published on Friday shows that organizations in the United States waste large amounts of money on dealing with erroneous malware alerts.

According to the study conducted by the Ponemon Institute on behalf of security firm Damballa, organizations spend, on average, nearly 21,000 hours each year analyzing false negatives and/or false positives. This means companies waste roughly $1.3 million per year due to inaccurate or erroneous intelligence.

The organizations that took part in the study reported receiving an average of 16,937 cyber security alerts in a typical week. Of these alerts, only 19% (3,218) are deemed reliable and only 4% (705) are actually investigated. This indicates that many companies don’t have the resources or expertise to detect or block serious threats, Damballa said.

When asked about trends in malware infections, 60% of respondents said they noticed an increase or a significant increase in severity in the past year. On the other hand, 45% of respondents reported an increase in the volume of malware infections.

As far as their malware containment practices are concerned, 33% of organizations have an unstructured or “ad hoc” approach. Around the same percentage have a structured approach that involves both manual activities and automated tools. Roughly one in ten respondents said their organization has a structured approach that primarily relies on manual activities.

In most cases, the chief information security officer (CISO) is responsible for malware containment (45%). On the other hand, 40% of those who took part in the survey said there is no one person or function within their company responsible for containment.

Vendors and peer-to-peer communications are the main source of malware intelligence, according to roughly two thirds of respondents. Unsurprisingly, law enforcement are rarely the source of intelligence.

“These findings confirm not only the sheer scale of the challenge for IT security teams in sifting out the real threats from tens of thousands of false alarms, but also the huge financial impact in terms of time. The severity and frequency of attacks is growing, which means that teams need a way to focus on responding to true positive infections if they are to get a firmer grip on their security posture,” said Brian Foster, CTO of Damballa.

Advertisement. Scroll to continue reading.

“It’s more important than ever for teams to be armed with the right intelligence to detect active infections to reduce their organization’s risk exposure and make the best use of their highly-skilled, limited security resources,” Foster added.

The “The Cost of Malware Containment” report is available online.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Cloud Security

VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10.