Overwhelming use of cybersecurity tools is causing staff exhaustion and false alerts: analysis
In today's digital age, the increasing use of security monitoring tools has become a norm for businesses worldwide. However, a new report from Trend Micro International suggests that this very practice, known as "cybersecurity tool sprawl," could be posing a significant threat to organisational security.
The report, based on a survey of 2,303 IT security decision makers from 21 countries, reveals that global organisations, on average, use 29 security monitoring tools. Larger organisations with over 10,000 employees, on the other hand, use an average of 46 tools. This excessive use of tools, the report suggests, can potentially lead to confusion for security operations teams, making it harder for them to respond effectively to cyber threats.
One of the key concerns highlighted in the report is the risk of false positives in security alerts. With so many tools in play, security alerts from different tools may report the same event with different severity levels, causing confusion and potentially wasting valuable time and resources.
Moreover, the excessive use of security monitoring tools can contribute to alert fatigue, increasing the risk of missing a legitimate cyberattack. This is a serious concern, especially given that cybercriminal groups and state-sponsored actors are increasingly intensifying attacks on companies by repurposing everyday IT tools; a distracted security team is more likely to miss an attack that uses such techniques.
The report advances previous research on the impact of alert fatigue, showing that about half (51%) of the surveyed organisations have stopped using some of their security monitoring tools because of a lack of integration, a shortage of skilled professionals, and difficulty understanding how to operationalize the tools.
The challenges organisations face in managing a multitude of security monitoring tools are not just limited to integration issues and a lack of skilled professionals. Operationalization difficulties also play a significant role. The report highlights these challenges, emphasising the need for a more streamlined approach to cybersecurity.
Previous research has shown that one-third of security analysts ignore security alerts, and it's not hard to see why. With so many alerts coming in, it's easy for important ones to get lost in the noise. However, ignoring security alerts can have serious consequences, as demonstrated by the fact that security teams can take up to 190 days to detect a breach and another 60 days to contain it.
In conclusion, while the excessive use of security monitoring tools may provide a sense of security, it can potentially lead to alert fatigue, confusion, and an increased risk of missing a legitimate cyberattack. Organisations need to rethink their approach to cybersecurity, focusing on integration, operationalization, and the development of a skilled workforce to effectively combat cyber threats.