25 Apr Orca Security reveals cloud security alert fatigue in latest report

Cloud security innovation leader Orca Security has revealed the current state of cloud security in its latest report focusing on alert fatigue.

The company surveyed over 800 IT professionals across five countries and ten industries to make robust findings into public cloud security alert fatigue. The survey found that more than half (55%) of respondents use three or more cloud providers and 57% have five or more cloud security tools. This combination of multi-cloud adoption and disparate tooling is overwhelming security teams with a flood of inaccurate alerts. For example, 59% of respondents receive more than 500 public cloud security alerts per day, and 38% receive more than 1,000 per day.

The data also revealed that more than half of respondents spend more than 20% of their time deciding which alerts should be dealt with first. The overload of alerts, combined with widespread inaccuracy (43% say more than 40% of their alerts are false positives) is not only contributing to turnover but also to missed critical alerts. More than half of respondents (55%) say their team missed critical alerts in the past, due to ineffective alert prioritisation – often on a weekly and even daily basis.

Avi Shua, CEO and co-founder, Orca Security, said: “Multiple, disconnected tools continue to plague security teams. Having to sift through hundreds of ‘high priority’ often meaningless alerts is causing security practitioners to become overwhelmed and leading to burnout and turnover, exacerbating cybersecurity staff shortages.

“The only way to win the battle of cloud security is to leverage context to the maximum. Practitioners should be enabled to focus on the very few toxic combinations of alerts and attack paths that can put their crown jewels in jeopardy, rather than trying to review thousands of meaningless alerts.”

To read more of the report, visit the Orca Security website here.