Show Notes

Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/
Follow on Twitter: twitter.com/IDTheftCenter

Show Transcript

Welcome to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown for October 25, 2024. I'm Timothy Walden. Thanks to SentiLink for their support of the ITRC and this podcast. Each week on this podcast, we look at the most recent events and trends related to data security and privacy. Today, we'll discuss threat detection tools and how their overwhelming number of alerts is inundating security teams.

In the 1980s and 90s, data protection was pretty simple. Install a firewall and some virus protection, and you were generally good. However, as the digital landscape evolved, so did the bad actors. Now, entire security teams are responsible for detecting and preventing data breaches and cyber threats. The only problem? There are way too many alerts.

Threat detection tools are the frontline of defense for Security Operations Centers (SOCs), which are tasked with identifying and mitigating cyber threats. While these tools are essential to securing organizational data, the reality faced by SOC staff is increasingly daunting. The sheer volume of incoming alerts from these detection systems is overwhelming and is stifling their effectiveness, especially since many of the alarms are false positives rather than real attacks.

A survey by Vectra AI illuminates the struggles experienced by SOC teams. With an average of 3,832 security alerts flooding in daily, it’s no surprise that these practitioners report feeling bogged down. The numbers can be unmanageable for organizations with a small security staff. In fact, 81 percent of SOC personnel spend more than two hours sifting through alerts daily. Notably, 62 percent of these alerts are ignored. This situation is exacerbated by the emotional and professional toll it takes on cybersecurity teams.

SOC teams are bombarded with alerts that often fail to provide clarity amid the noise. As a result, real threats can easily slip through the cracks, prompting considerable anxiety among operators. A staggering 71 percent worry weekly that a critical attack could be buried within the mass of less critical alerts.

The frustration doesn't stop there. Half of the respondents believe their threat detection tools are "more hindrance than help." This sentiment breeds resentment toward software vendors, with about 60 percent acknowledging that they purchase these tools mainly to comply with regulatory requirements. Meanwhile, nearly half distrust the very tools they depend on for security, suspecting that vendors may flood their systems with alerts to absolve themselves during a breach incident.

While threat detection tools are vital for cybersecurity, they need fundamental improvements to prevent them from becoming an obstacle. More advanced tools that minimize manual processes and increase automation are needed. 

If you want to know more about how to protect your business or personal information or think you have been the victim of an identity crime or a funeral streaming scam, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.

Thanks again to SentiLink for their support of the ITRC and this podcast. Be sure to check out our last Fraudian Slip podcast, where we break down public sentiment on biometrics with Stephanie Schuckers of UNC Charlotte.

We'll return next week with another episode of the Weekly Breach Breakdown. I'm Tim Walden; thanks for listening.