That’s the all-too-common question when a major cyber incident is discovered—or, too often, announced. Up to 70 percent of data breaches are detected by third parties rather than by organizations’ own security operations teams, a clear indication that most current methods of security monitoring are inadequate for cyberattacks.
From a business perspective, for all the money companies spend on the latest detection technologies, IT shouldn’t miss anything at all, right? Ironically, the reason so much is being missed may be that IT is capturing too much in the first place: The people with “eyes on the glass” are seeing and evaluating tens or hundreds of thousands of alerts daily. Shortages of talent with the right skills exacerbate the problem. Worse, the sea of alerts has no bottom. Cisco estimates that Internet traffic will grow at a compound annual growth rate of 23 percent from 2014 to 2019.