What is Cyber Alert Fatigue & How to Avoid it

By the Radiflow Cybersecurity team

October 21, 2021

Working with technology often means being bombarded by alerts and notifications. This has long been an occupational hazard for employees in medicine or emergency services, construction workers and various technology roles. The problem has become even more acute in recent years as smartphones have become ubiquitous and are constantly buzzing and beeping with notifications, many of which are unnecessary.

These endless notifications raise cortisol levels, which increases stress and anxiety and actually reduces our ability to act on individual notifications, leading to tech fatigue.

Within the world of technology, the problem is much more serious due to widespread automation. In theory, automating processes should take the pressure off individuals and enable them to concentrate their resources on other tasks, but the reality is not quite that utopian.

A problem doubled: alert fatigue in industrial cyber security

This is equally true of OT cyber security: an organization can receive hundreds or even thousands of cyber security alerts every single day! Many of these will be false positives or low-quality alerts, making it very tempting for cyber security personnel to succumb to security alert fatigue and ignore the alerts completely.

Whilst alert fatigue is understandable, it is also potentially very dangerous. An estimated 65% of cyber attacks remain undetected, and one of the contributing factors to this high number is the habit of systematically passing responsibility for responding to cybersecurity alerts down the line. This highlights the necessity of having a clear strategy for dealing with potential cybersecurity fatigue, and of ensuring that alerts are of the highest possible quality in order to minimize the number of important alerts that go ignored.

Six alert fatigue solutions

As awareness of the problem of alert fatigue has grown, cybersecurity experts are coming up with creative solutions to ensure that SOC teams are not overwhelmed and are able to respond to alerts so that a crisis can be averted.

  1. Start by ensuring that only high-quality alerts are enabled. This means investing in fine-tuning your alert system, which is no small task, but will result in huge returns as it limits alert fatigue and ensures that genuine alerts are actually dealt with in a timely manner.
  2. Eliminate repeat or redundant alerts. Again, this involves going into the heart of the alert system to define the alert rules, but is well worth the time in the long-run.
  3. Just as alerts have become automated, it is possible to implement automation for alert responses. Once again, it takes pressure off the security team and focuses resources where they are truly needed.
  4. Once these first three steps are in place, there should already be a massive reduction in alerts. The next step is to have a clear strategy for handling those alerts that are still coming through, including consistency in response methodology, and a hierarchy structure, so that missed alerts are escalated instead of ignored.
  5. If it is practical for your analyst team, rotate tasks in order to avoid not just alert fatigue but general burnout. Analyst tasks are often repetitive and monotonous, so switching things up as often as possible can make a big difference to productivity.
  6. Ensure that all personnel are taking adequate breaks. This may seem obvious, but it’s worth paying attention to. Research shows that skipping breaks can lead to chronic fatigue and loss of concentration, and taking regular short breaks improves concentration.
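As an added illustration of steps 1 to 4 (example code written for this post, not Radiflow's or CIARA's), the Python routine below drops repeat alerts that fire for the same asset and rule within a time window, orders the rest by a risk-weighted score, and flags anything left unacknowledged past an SLA for escalation rather than letting it be forgotten. The asset names, risk scores and alerts are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed per-asset risk scores (0..1); hypothetical values standing in
# for whatever risk a platform assigns to each monitored OT asset.
ASSET_RISK = {"plc-line1": 0.9, "hmi-ops": 0.6, "eng-laptop": 0.3}


@dataclass
class Alert:
    ts: int        # seconds since some epoch
    asset: str
    rule: str
    severity: int  # 1 (low) .. 5 (high)


def dedupe(alerts: List[Alert], window: int = 300) -> List[Alert]:
    """Step 2: suppress repeats of the same (asset, rule) within `window` seconds."""
    last_seen: Dict[Tuple[str, str], int] = {}
    kept: List[Alert] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.asset, a.rule)
        if key in last_seen and a.ts - last_seen[key] < window:
            continue  # repeat alert, drop it
        last_seen[key] = a.ts
        kept.append(a)
    return kept


def priority(a: Alert) -> float:
    """Step 1: weight severity by asset risk; unknown assets get the lowest weight."""
    return a.severity * ASSET_RISK.get(a.asset, 0.1)


def triage(alerts: List[Alert], now: int, ack_timeout: int = 900,
           acked=frozenset()) -> Tuple[List[Alert], List[Alert]]:
    """Steps 3-4: return (queue ordered by priority, alerts to escalate).

    An alert is escalated when its (asset, rule, ts) key has not been
    acknowledged and it is older than `ack_timeout` seconds.
    """
    queue = sorted(dedupe(alerts), key=priority, reverse=True)
    escalate = [a for a in queue
                if (a.asset, a.rule, a.ts) not in acked and now - a.ts > ack_timeout]
    return queue, escalate


# Constructed sample alerts: the second one is a repeat inside the window.
SAMPLE = [
    Alert(0, "plc-line1", "unauthorized-write", 4),
    Alert(60, "plc-line1", "unauthorized-write", 4),
    Alert(100, "eng-laptop", "port-scan", 3),
    Alert(2000, "hmi-ops", "new-device", 2),
    Alert(400, "plc-line1", "unauthorized-write", 4),
]
```

Calling `triage(SAMPLE, now=2100, acked={("plc-line1", "unauthorized-write", 0)})` yields a four-alert queue led by the PLC events and escalates the two older alerts nobody acknowledged.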

Radiflow CIARA: automation for reduction of alert fatigue

Radiflow has been recognized by Gartner as Sole Vendor in both the OT Network Monitoring & Visibility and the Cyber-Physical Systems (CPS) Risk Management categories. As a cybersecurity specialist firm, our goal is to prevent all types of system breaches, and this includes ensuring that essential alerts do not end up unhandled. To this end, Radiflow has incorporated risk-based alert management into the CIARA platform. Radiflow’s AI engine assigns a risk score to each asset that can be fine-tuned to your organization’s needs, so that alerts are prioritized, essentially filtering out much of the noise.

Contact our sales team today to find out more about how you can reduce alert fatigue for your SOC team, increase productivity and improve your overall OT security with Radiflow CIARA.

If you’ve found this article interesting, please visit and follow Radiflow on LinkedIn, where you’ll find a wealth of exclusive content.