How Alert Fatigue Almost Flooded Our Basement

Published: Nov 03, 2022

Reading time: 7 Minutes

Alert fatigue from a flood of alerts almost flooded our basement.

My wife and I had just fallen asleep (we have teenagers to chivvy off to bed, so it’s not as early as we’d like), when her cellphone rang. It was the alarm company, telling us the water sensor alarm had just gone off. We almost went back to sleep.  

Meanwhile, in our basement, a pipe connection had come apart, and water was pouring down. After bouncing off the top of my favorite wine fridge, it was spreading across the basement floor. One tendril of water had made it out into the finished, carpeted area, and another had reached the mechanical area for our pool: a sunken inset that contained a water sensor, which is what triggered the alert. This was not a problem we’d want to ignore.

So why did we almost go back to sleep?

My wife’s phone rings a lot at night. Her day job is president of our synagogue, and she doubles as the de facto executive director. For the past three years, she’s been the person of last resort, and that’s included being on the call list when the synagogue’s alarm goes off. Three years ago, it was almost nightly. Almost always, the event was minor: a door hadn’t correctly latched, or the last person out of the building forgot to set the alarm. The month when a mouse wandered around setting off motion sensors nightly was memorable. With every call, we’d have to make the decision: which of us would drive over and check the building, and did we want the police to join us? Thankfully, those phone calls have gotten a lot less frequent since the synagogue upgraded its security system.

It was only a last-minute recollection that the caller ID showed the name of our home alarm service, not the synagogue’s, that made my wife realize we should check our basement. We did, thankfully, and now, while we have a cleanup project, it’s far more manageable than a few feet of water in the basement would have been.

So why does this matter in the cloud security world? 

59% of Security Professionals Receive 500+ Alerts Per Day

For Orca Security’s recent Alert Fatigue Report, 800 IT professionals answered survey questions about the state of cloud security alerts at their organizations. The finding, which is probably not shocking, is that security teams are flooded with alerts—daily, weekly, monthly—you get the picture.

The problem isn’t simply that security teams receive tons of alerts. The fact is, in the digital and interconnected world that we live in today, there is absolutely no shortage of notifications. Phone calls, text messages, social media likes and comments, emails, the list goes on and on and on. We know that this is the world we live in today, and it’s no use trying to force people to go back to how things used to be pre-Internet and cell phones.

The problem is that the more alerts a person receives, the less attention they pay. Basically, we have become desensitized. 

62% of Security Professionals Attribute High Turnover to Alert Fatigue

As if desensitization isn’t enough, alert fatigue is also linked to burnout for security teams. According to the report, 62% of survey respondents say alert fatigue has contributed to turnover at their organization. With over half of the respondents feeling this way, there is no question that the sheer number of alerts creates internal friction and overworked employees who ultimately do not find it worth trying to wrangle the problem in a Whac-a-Mole manner.

So, as we recognize and accept the reality that alerts are not going away, it becomes necessary to search for a specific solution to help make the issue manageable. 

How to Combat Alert Fatigue in Cloud Security

The Alert Fatigue Report also revealed that the more security tools that are used, the more alerts are generated (often duplicate ones), the higher the rate of false positives, and the worse the alert fatigue. For example, it was found that security teams miss 41% of critical security alerts on a weekly basis due to the sheer number of unprioritized alerts, and 46% of survey respondents noted that once they do focus on remediating a specific alert, it takes 3 or more days to fix.

Consolidate Tools with a Unified Cloud Security Platform

Instead of using multiple siloed tools that all have their own methods of alerting you, consolidating your cloud security efforts into a single, context-aware cloud security platform makes receiving alerts consumable and manageable. As in your personal life, you likely don’t answer a work email at the same time as texting back a friend while also scrolling through LinkedIn. You prioritize. 

Whether you’re at the C-level of your organization or the security architect, being able to quickly prioritize the security alerts you receive allows you to manage risk better and faster. With a unified cloud security platform like Orca Security, you can avoid duplicate alerts caused by managing multiple tools while also leveraging centralized, contextualized information that allows you to make decisions based on your company’s specific risks. Context is the key here, as just reducing the number of alerts due to tool consolidation can only get your team so far.

Without context, you will still get an endless list of alerts that may not be accurately prioritized. Context allows you to visualize your cloud environment as an attacker would, with the ability to discover dangerous risk combinations that take into account factors such as severity, ease of exploitation, business impact and more.

Security teams are already overworked, so making an effort to relieve the burden by consolidating tools into a single platform that gives you the ability to contextualize the full picture is a must.

Protect your Critical Asset Targets, Not the Entry Point

To help make prioritization possible, it’s important for your security teams to know what the organization’s most critical assets are. Security employees should not feel the need to embark on this effort alone; rather, the organization should invest in a security vendor that makes it possible for teams to prioritize exposure based on the assets most critical to your company. 

Orca Security’s cloud security platform allows you to focus on both the discovery of attack paths and strategic remediation. In this way, you can find and prioritize attack chains more quickly, and focus on the ones that pose the most immediate danger.
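As an added illustration (not code from this post or from Orca’s platform) of what the two ideas above look like in practice: the block below takes alerts from three hypothetical tools, collapses the duplicates, and then scores each remaining alert on severity, ease of exploitation (internet exposure), business impact (asset criticality), and the risk combination of an exposed host whose over-permissive role reaches a crown-jewel asset. All tool names, asset names, findings and weights are constructed assumptions.

```python
# Constructed sample alerts: three hypothetical tools (cspm, scanner, ciem) watching one cloud estate.
RAW_ALERTS = [
    {"tool": "cspm",    "asset": "vm-web-01",   "finding": "unpatched-rce",        "severity": 9.8},
    {"tool": "scanner", "asset": "vm-web-01",   "finding": "unpatched-rce",        "severity": 10.0},
    {"tool": "cspm",    "asset": "vm-batch-07", "finding": "unpatched-rce",        "severity": 9.8},
    {"tool": "ciem",    "asset": "vm-web-01",   "finding": "over-permissive-role", "severity": 5.0},
    {"tool": "cspm",    "asset": "bucket-logs", "finding": "public-bucket",        "severity": 7.0},
]

# Constructed asset inventory (hypothetical): exposure, business criticality, and what the asset's
# identity can reach. This is the context that the individual tools' alerts lack.
ASSET_CONTEXT = {
    "vm-web-01":   {"internet_exposed": True,  "criticality": 1.0, "reaches": ["db-customers"]},
    "vm-batch-07": {"internet_exposed": False, "criticality": 0.3, "reaches": []},
    "bucket-logs": {"internet_exposed": True,  "criticality": 0.5, "reaches": []},
}
CROWN_JEWELS = {"db-customers"}  # the critical asset targets worth protecting first


def dedupe(alerts):
    """Collapse alerts several tools raised for the same (asset, finding); keep the highest severity."""
    merged = {}
    for a in alerts:
        entry = merged.setdefault((a["asset"], a["finding"]),
                                  {"asset": a["asset"], "finding": a["finding"], "severity": 0.0, "tools": set()})
        entry["severity"] = max(entry["severity"], a["severity"])
        entry["tools"].add(a["tool"])
    return list(merged.values())


def prioritize(alerts, context, crown_jewels):
    """Score each unique alert on severity, ease of exploitation, business impact and risk combinations."""
    unique = dedupe(alerts)
    for a in unique:
        ctx = context[a["asset"]]
        score = a["severity"] / 10.0                          # raw severity, scaled to 0..1
        score *= 1.0 if ctx["internet_exposed"] else 0.4      # ease of exploitation
        score *= ctx["criticality"]                           # business impact
        # Risk combination: any finding on an exposed host whose over-permissive role reaches a crown jewel
        # is part of an attack path, so it outranks the same finding on an isolated host.
        has_bad_role = any(u["asset"] == a["asset"] and u["finding"] == "over-permissive-role" for u in unique)
        a["attack_path"] = bool(ctx["internet_exposed"] and has_bad_role and crown_jewels & set(ctx["reaches"]))
        if a["attack_path"]:
            score = min(1.0, score * 1.5)
        a["score"] = round(score, 3)
    return sorted(unique, key=lambda a: a["score"], reverse=True)
```

Five raw alerts become four unique ones, and the identical severity-9.8 RCE finding lands at the top of the list on the exposed customer-facing host and near the bottom on the isolated batch host.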

Moral of the Story: Learn to Answer the Phone When You Need to

Security alerts aren’t going away. That would only happen if every attacker decided to stop carrying out cyber attacks. The point here as I’ve laid out is to be realistic and learn how to manage the number of alerts that come your way by having a strategy for prioritizing and understanding them based on your organization’s specific risks. 

I hope you enjoyed my personal story time on alert fatigue. To get even more recommendations for how to combat it in your cloud security efforts, download Orca’s Alert Fatigue Report.

Implementing a thorough security framework like Orca’s agentless security solution is the first step in addressing alert fatigue. The Orca Cloud Security Platform delivers the world’s most comprehensive coverage and visibility of risks across your entire cloud estate. Orca Security prioritizes risk based on the severity of the security issue, its accessibility, and business impact. This helps you focus on the critical alerts and issues that matter the most. To see how Orca can help your organization combat alert fatigue, you can register for a free cloud risk assessment or watch this 10-minute demo.

Andy Ellis is the Advisory CISO at Orca Security, and 2021 Inductee into the CSO Hall of Fame. He is an Operating Partner at YL Ventures, and was formerly a US Air Force officer and the CSO at Akamai Technologies. You can find him on Twitter at @csoandy.