RSS feed Get our RSS feed

News by Topic

BizReport : Internet : January 19, 2015

False malware alerts costing businesses time and money

Cyber-security alerts that turn out to be false alarms are wasting thousands of man hours and costing businesses millions of dollars, according to new research published by the Ponemon Institute and sponsored by security firm Damballa.

by Helen Leggatt

In a survey of more than 600 I.T. and I.T. security professionals in U.S. companies, Ponemon found that almost 17,000 malware alerts are presented each week.

However, as outlined in the report, 'Cost of Malware Containment', just 19% of those malware alerts are considered reliable and even less, just 4%, are actually investigated.

Overall, businesses spend $1.3 million a year dealing with false positive cyber-security alerts, equating to nearly 21,000 hours in wasted time.

According to Brian Foster, CTO of Damballa, the report's findings reveal not only the "sheer scale of the challenge for IT security teams in sifting out the real threats" but also that attack frequency is growing, along with severity. Respondents to the survey said the severity of attacks had "significantly increased" (16%) or "increased" (44%) in the pasts 12 months.

Yet, despite this increase, a third of companies had no structured approach to malware containment and 40% said there were no personnel or function that took responsibility for the process.

"Breach readiness always involves people, processes and technology," Foster told Infosecurity Magazine. "If one is off-kilter it has a trickle down and across effect. When it fails, the burden shifts from tools to people and there aren't enough skilled staff or hours in the day to deal with the repercussions. That's why we see so many companies getting breached."

Image via Shutterstock

Tags: cyber security, malware, research, security

Subscribe to BizReport



Copyright © 1999- BizReport. All rights reserved.
Republication or redistribution of BizReport content is expressly prohibited without the prior written consent.
BizReport shall not be liable for any errors in the content, or for any actions taken in reliance thereon.