Organisations pay the price of chasing false alerts

Organisations spend too much time investigating false alerts, resulting in undetected serious malware threats, says Forcepoint's Neil Thacker.

The average company spends almost 199 hours a week investigating malware infections on their computer systems.

Another 230 hours a week is spent on cleaning or fixing the organisation's infected devices. Despite all this time spent on investigations, around 40% of infections still go undetected in an average organisation's network.

This is according to Neil Thacker, information security and strategy officer at Forcepoint EMEA, who was speaking at the Forcepoint security briefing forum organised by ITWeb last week.

Thacker said this is a significant amount of time for any company to spend investigating false positive alerts, chasing suspected malware and viruses that turn out to be nothing more than dead ends.

He said chasing false alerts often results in a small fraction of serious malware threats being investigated, leaving data exposed and businesses at risk.

"Too much time is wasted on determining if there is a breach and identifying breaches instead of detecting malware identity, the type and intention of malware and how it bypassed the anti-virus," he pointed out.

He explained once a breach has been determined, more time is spent implementing a strategy to try to stop the attack.

"In the past 15 years, threats have become more sophisticated as cyber criminals are using social engineering techniques to gain access into organisations' systems.

"Unfortunately, many organisations that have been compromised by these serious threats are still not aware of the incidents," he revealed.

Cyber criminals

Thacker gave a description of the six types of criminals who are likely to break into organisations' systems and perform activities ranging from identity theft to fraud to corporate hacking attacks.

1. The anarchist - He gains access into companies' Web sites and confidential communication information.
2. The banker - He wants bank-related information such as credit card info and client financial credentials. He is also seeking serious financial information. The selling of credit or debit card data on the black market is a well-established and lucrative business for cyber criminals.
3. The contractor - This is the emerging cyber-criminal who steals data and makes a lot of money in the black Web market.
4. The arms dealer - He usually carries out fraudulent information and earns a lot more money than a genuine Web developer.
5. The special agent - He is sponsored by a country's government or by private companies to gather crucial information; he spends a lot of time working on only a few projects each year.
6. The insider threat - This is the employee or former employee who can either be negligent or malicious. When sensitive data goes missing under these circumstances the organisation can be fined and not the employee.

Thacker also discussed the top five threats that affected organisations across the globe in 2015. These are malware, Web-based attacks, Web application attacks, botnets and denial of service. These were based on a report by the European Network and Information Security Agency.

It takes an average company around 206 days to identify a data breach and a further 69 days to contain that breach, said Thacker.

"This is a significant amount of time, the time between the initial compromise and the detection phase is called the dwell time," he pointed out.

He advised organisations to treat dwell time as a key risk management metric: if the dwell time declines, cyber security is improving.

"At Forcepoint we are measured on our dwell time which is 48 hours and we are always trying to improve that time," he noted.

To be on the safe side, he advised organisations to follow the international guidelines stipulated in the Global DP Legislation Readiness Plan. Among the many recommendations, this legislation stipulates organisations should have a data flow mapping strategy of internal and external processing.

"It also specifies organisations should review Privacy Impact Assessment and measure risk compliance against the legislation," he said.

Sibahle Malinga
ITWeb's portals journalist.
