Organisations are being left out of pocket by the high cost of detection-based security tools, new research has revealed.
A report from security firm Bromium finds that companies are spending heavily on unnecessary or over-sensitive protective measures that may create more work than they save, some of them carrying steep hidden costs.
Overall, Bromium estimates that companies spend around $345,300 per year on advanced security tools such as advanced threat detection and anti-virus. These tools raise more than a million alerts every year, but Bromium warns that around 750,000 of them, roughly three in four, are false positives, so analysts waste large amounts of time investigating alerts that pose no real threat.
Surveying 500 CISOs from large businesses around the world, Bromium also found that labour costs are soaring as a direct result of detection-based technology failure: the unnecessary work stemming from false alerts and other security failures totals 417,148 hours per year and costs an average of $16,368,886 per company.
“Detection requires a patient zero – someone must get owned and then protection begins. Yet, because of this, rebuilds are unavoidable; false positives balloon; triage becomes more complex and emergency patching is increasingly disruptive,” said Gregory Webb, CEO, Bromium.
“It’s no surprise that 63 percent of the CISOs we surveyed said they’re worried about alert fatigue. Our customers tell us their SOC teams are drowning in alerts, many of which are false positives, and they are spending millions to address them.
“Meanwhile, advanced malware is still getting through because cyber criminals are focusing on the weak spots like email attachments, phishing links and downloads. This is why organisations must consider the total cost of ownership when making security investments, rather than just following the detect-to-fail crowd.”