False positives are often accepted as a fact of life with anti-virus programs, but a new survey commissioned by breach detection specialist Damballa shows that they carry a significant cost for businesses.
The study, produced by the Ponemon Institute, finds that enterprises spend $1.3 million (£850,000) a year dealing with false positive cyber security alerts, which equates to nearly 21,000 hours of wasted time.
In a typical week, organisations receive an average of nearly 17,000 malware alerts, yet only 19 per cent are deemed reliable, or worthy of action. This means security teams can waste time on alerts that pose no threat to their data security, which distracts them from dealing with threats that can lead to compromise.
Compounding the problem, respondents believe their prevention tools miss 40 per cent of malware infections in a typical week. The longer malware goes undetected, of course, the greater the risk of a breach.
In addition, 60 per cent of respondents report that the severity of infections has increased over the last year. Despite this, 33 per cent of organisations revealed that they have an unstructured or ad hoc approach to handling alerts. In terms of responsibility, 40 per cent of respondents say there is no one person or function in their enterprise accountable for the containment of malware.
Only 41 per cent of respondents say their organisation has automated tools to allow them to capture intelligence and evaluate the true threat caused by malware.
"These findings confirm not only the sheer scale of the challenge for IT security teams in sifting out the real threats from tens of thousands of false alarms, but also the huge financial impact in terms of time. The severity and frequency of attacks is growing, which means that teams need a way to focus on responding to true positive infections if they are to get a firmer grip on their security posture," says Brian Foster, CTO of Damballa.
"It's more important than ever for teams to be armed with the right intelligence to detect active infections to reduce their organisation's risk exposure and make the best use of their highly-skilled, limited security resources."