Four in five malware alerts are a 'waste of time'

Malware raises the cost of doing business by $1.3m a year, largely due to the burden of responding to false alarms, according to a survey.
Written by Liam Tung, Contributing Writer

Businesses are being bombarded with thousands of malware alerts each week, but only 19 percent are credible, costing companies on average $1.3m in wasted resources.

False positives - malware alerts that turn out not to be a threat - are a significant drain on business, according to the results of a survey by the Ponemon Institute. What's more, such false alarms are potentially distracting security professionals from dealing with real threats that, if left unchecked, may leave a company with a bigger mess than simply cleaning up after a minor malware infection.

The survey, commissioned by US security vendor Damballa, found that organisations receive an average of 17,000 malware alerts per week. While each of them could potentially trigger an investigation, respondents said only 19 percent of alerts they receive are credible, and in the end only four percent are actually investigated.

The Ponemon report said this suggests that organisations don't have the resources or in-house expertise to block what it refers to as "serious malware".

With such a high false-positive rate, the Ponemon Institute estimated that two-thirds of the time spent by IT security staff is wasted hunting down bogus security alerts, costing organisations an average of $1.27m each a year.

While there appears to be a tremendous amount of noise in security products, 60 percent of respondents said they also believe that malware infections had become more severe over the past year.

The report estimated that on average companies spend 600 hours a week on malware containment. The most time-consuming task, at 230 hours, is "cleaning and fixing and/or patching networks, applications, and devices damaged or infected by malware".

Organisations also spend on average 199 hours investigating actionable intelligence, 73 hours capturing actionable intelligence, 54 hours evaluating intelligence, 17 hours planning approaches to malware, and 13 hours reporting on the malware containment process.

One factor that may be driving up the overall cost of managing malware threats is that around a third of organisations in the survey reported having an "ad hoc" approach to malware containment.

And to top it all off, respondents appear to have little confidence in the security products they're paying for, believing that their prevention tools miss 40 percent of malware infections each week.
