Working as an IT security manager in a company is far from simple. It is not just a case of generally protecting corporate cybersecurity. It’s about being resilient, watching out for new attack methods, forming a preventive defense team, building action protocols in case of vulnerability, and making sure all employees are aligned with these goals within the company.
However, taking on too many tasks at once can water down the purpose of these tasks, and have just the opposite effect: the real threats stop being taken care of effectively.
Alerts ignored out of fatigue
At least, this is what a recent survey carried out by Imperva shows. According to this report, analyzing security alerts takes up a disproportionate percentage of work time, something that, at times, can end up being counterproductive for the company.
As Imperva shows, the majority of cybersecurity managers surveyed state that this workload often causes fatigue, putting the company’s security at risk. In fact, 66% admit to having ignored an alert due to these alerts previously having resulted in a false positive.
But it doesn’t stop there. 63% of managers admit to having serious difficulties when it comes to analyzing and deciding which cybersecurity incidents are critical and which have a noticeably lower risk and, as such, may not require such a high level of attention. All of which means that companies end up being inefficient in their own risk management.
How to detect critical incidents?
There are several ways to detect the whether the company is facing a critical security incident. Moreover, with these measures, the scope and relevance of this incident can be evaluated too.
1.- Traffic anomalies Servers and connections that are particularly confidential tend to have a relatively stable volume of traffic. If a company experiences an unusual increase in this traffic, it should be on the lookout.
2.- Accessing accounts without permission. Employee and director accounts usually follow a hierarchy according to the information that they are allowed to access. As employees are usually the easiest entry point for cybercrime, if the connection privileges of one of their accounts are suddenly increased, this may be cause for a corporate cybersecurity alarm.
3.- Excessive consumption and suspicious files. If the company detects an increase in the performance of its memory or hard drives, it may be that someone is accessing them illicitly, or even leaking data. This may also be the case if you find a file of suspicious size that is trying to remain hidden.
How to avoid new incidents
It is not simply a case of detecting incidents. They need to be prevented and avoided. To do so, several measures can be taken:
1.- Contextualize the danger. As the Imperva survey shows, many cybersecurity managers don’t have an easy time of it when it comes to prioritizing the alarm level of possible alerts that they come across. For this reason, the company needs to have a solid structure of hierarchies in place to improve their risk management.
2.- Avoid false positives. False positives are very often the reason that corporate cybersecurity managers let their guard down when faced with new alerts. Companies therefore need to have appropriate tools in to avoid the increase in false positives.
3.- Technology solutions. Cybersecurity managers needn’t dedicate such a large part of their time to manually detecting possible alerts. Rather, they should back up their efforts with technological solutions that do this task. Panda Adaptive Defense doesn’t just monitor the company’s IT activity in real time. Thanks to contextual intelligence it is able to prioritize alerts, minimize the risk for companies, and therefore help them in risk management.
At the present time, having a traditional antivirus is no longer enough. Threats are ever more advanced, and companies’ security solutions must be too. This is the only way that they will be able to face up to the boom of fileless malware or the new types of APT, which are increasingly sophisticated. This was demonstrated by LoJax, which is even capable of surviving reinstallation of the operating system.
4.- Cyber-resilience. Fatigue or the increase in alerts can never be an excuse for a company. Every company must be cyber-resilient as well as being up-to-date with the new methods of attack that cybercriminals use.