It’s COVID-19 this and COVID-19 that these days, but it’s true that this global pandemic has monumentally impacted every vertical market, each in its own terrible way. Many industries were able to quickly learn from the tragedy and adapt their business offerings to still reach their customer base, while others simply fell to the damaging weight of the financial burden that many experienced. Even so, many companies are still fighting to secure their business and relationships going forward, as we are hopefully approaching the light at the end of the tunnel.
When things got tough, cybercriminals and hackers came out of the woodwork, like cicadas, to strip wealth and data from those who were already most vulnerable in this situation. The amount of threat fatigue felt throughout a multitude of organizations is immense. Today’s employees are constantly bombarded by alerts from IT departments, warning them of the threats that still linger from remote work connections and other activities that could lead to data breaches and high-profile hacks, which are the last things that companies need after the year and some change that we’ve had.
Knowing the Signs of Threat Fatigue
Alert or threat fatigue is a real thing that many people have suffered from at one time or another. No, it’s not an ailment that your doctor can prescribe medication for, but it’s a very real and valid feeling that places a numbing sensation behind one’s eyes, mirroring a common stress-induced headache. This sense of fatigue can crush productivity levels and heighten the amount of stress that any given worker experiences day to day.
Both the physical and mental toll that this level of fatigue can place on an employee drives job satisfaction way down and can add overwhelming bouts of fear to one’s workload. Studies have found that more than two-fifths of organizations frequently experience false positive alerts in more than 20% of cases, while 15% have reported that more than half of their security alerts are false positives. So, you see, there’s a high level of stress at stake here. There needs to be a way to combat these fears and help workers get back to a comfortable working environment going forward.
A study conducted in mid-2020 by Forrester found that nearly 58% of corporations worldwide had at least half of their employees working from home, where an average of 11 internet-connected devices are constantly lurking. For malicious hackers, this can look like an all-you-can-eat buffet. Hacking professionals are very skilled at exploiting weak authentication methods to force entry and collect data that they were previously barred from viewing, especially within a targeted network.
Ideally, the goal here would be to always update and modernize your systems when you can. Doing away with old-school legacy systems and replacing them with more automated practices that rely on artificial intelligence and machine learning can benefit everyone involved. Security Information and Event Management (SIEM) systems can provide greater visibility, minimizing the number of alerts and sifting through them to find which ones are valuable and which can safely be ignored.
Out with Legacy Systems
A quick 101 for you: legacy systems contain outdated hardware and software that is not always easy to replace, because there are several moving pieces. These archaic systems can be unable to accommodate the security guidelines that protect workforces in today’s security climate. They are also typically more vulnerable to threats and forced entry without the protection of multi-factor authentication, single sign-on, and role-based access. There are several tips to improve your security framework if you’re still operating on a legacy system:
- Conduct a vulnerability test to identify where some potential weaknesses might exist.
- Assess where your legacy system is located and how much of your work environment is impacted by that system.
- Determine which departments have the most data stored on these servers.
- Update inventory logs.
- Keep track of old servers that may no longer be necessary, but happen to be taking up space. Those servers can be decommissioned quickly.
It’s also worth mentioning that updating edge devices is important as well, since older devices can create vulnerabilities within an organization’s secure walls, generating threat fatigue in return. Compromising these devices can lead to unauthorized access to configuration settings or credentials, or even allow unauthorized connections directly to the device or the network it works to protect.
Circling back, when it comes to eliminating threat and alert fatigue in the workplace, it can all start with cutting out the need for legacy systems and updating the necessary applications to continue working safely and efficiently. Alert fatigue takes a major toll on cybersecurity personnel, leading them to feel overworked. Beyond automation and vulnerable systems, teams will need to reevaluate their toolkit to streamline these preventative processes, now and going forward.