Connect with us

Hi, what are you looking for?


Incident Response

Decision Fatigue is Real – In Life and In Security

“The world is your oyster!” “The sky’s the limit!” Those may sound like encouraging words, but according to ‘millennial therapist’ Tess Brighman the biggest complaint among millennials is having so many choices that they struggle to make decisions. Why is this such a problem for this group? Information overload. 

“The world is your oyster!” “The sky’s the limit!” Those may sound like encouraging words, but according to ‘millennial therapist’ Tess Brighman the biggest complaint among millennials is having so many choices that they struggle to make decisions. Why is this such a problem for this group? Information overload. 

Think about it. Born between 1981 and 1996, this is the first generation to grow up with information at their fingertips. At the beginning of the era, personal computers and access to the Internet were taking off. Towards the end, mobile devices and smart phones were emerging. Millennials have been bombarded with information for their entire lives and now decision fatigue is setting in. They feel stressed and overwhelmed as they grapple with the pressure to succeed and worry that they aren’t making the right choices.

Sound familiar? Millennials aren’t the only ones who suffer from decision fatigue. As I’ve written before, security analysts struggle to make sense of too much data. Most organizations have more internal system data than they know what to do with from sources including the security information and event management (SIEM) system, log management repository, case management systems and security infrastructure. On top of that, threat intelligence must be considered. They are bombarded with millions of threat-focused data points from multiple data feeds, some from commercial sources, some open source, some industry and some from their existing security vendors.

Ignore some of the data and you worry you’ve missed something important. Try to use all the data available and you become exhausted and still worry that you aren’t making the right decisions. You need to pare down the massive volume of data by eliminating the noise so that you can understand where to focus and what needs to be done. To do this, start by correlating events and associated indicators from inside the environment with external data indicators, adversaries and their methods, to gain the context to understand the who, what, where, when, why and how of an attack.

With context you can now prioritize based on relevance to your environment. But what is relevant to one company may not be to another. It is important to be able to assess and change risk scores automatically based on parameters you set instead of relying on the global risk scores some vendors provide. This allows you to focus on what really matters to your organization rather than wasting time and resources chasing ghosts.

The right data, and confidence in that data, leads to better decisions and actions. With fewer distractions from noise and false positives, you can spend more time analyzing and understanding what’s important and make better decisions. Now you can work more efficiently and effectively. As confidence in your decisions and the actions you are taking grows, you can move faster and accelerate security operations by incorporating automation

Much has been written about security orchestration, automation and response (SOAR) tools to automate certain processes within security operations. A sign that the category is maturing and expanding, Gartner recently issued its first SOAR Market Guide, including vendors that approach SOAR from different perspectives. A process-driven approach, for example using playbooks to automate response, works well when you have high confidence in the data being used and the decisions that need to be made. However, the reality is that the confidence level for full automation is not there most of the time. If you start automating noise, the result will be amplified noise. A data-driven approach gives you greater confidence that you’re automating the right things. Fatigue fades and security operations becomes more efficient and effective when you know that decisions and actions are based on the right data.

Information overload is real and can have ripple effects. For millennials it can translate into not knowing which career path to take, where to live, how to manage money, even who to marry. For security professionals and the organizations they work for, it can mean missing damaging threats, burnout and turnover. Fortunately, if you start by paring down the amount of data to focus on what is relevant, you can overcome decision fatigue and move forward with confidence. 

Advertisement. Scroll to continue reading.
Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

More People On The Move

Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Cloud Security

VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10.