Panic in Paradise: A False Positive Wake Up Call
After a long day of soaking in the sun at the Praia do Canal Nature Resort, during Probely’s offsite in the south of Portugal, the team has settled down to sleep in their rooms. The layout of the hotel is unique: many individual 2-story buildings stand next to each other across the resort, each with separate upstairs and downstairs rooms.
Tired from a day of adventure, including a 2-hour hike, the team is lulled to sleep by the sound of the roaring winds coming off the coast.
An Unexpected Wake Up Call
“BEEP BEEP BEEP BEEP”
It’s 1:34 AM and the fire alarm is going off.
The entire team is abruptly woken up by the deafening screech of the fire alarm. Everyone is suddenly awake, confused, and in a state of panic.
What’s happening? Is the resort on fire? For a moment, it feels like the world is ending.
It takes your brain a few moments to realize what is happening when waking up so abruptly.
The only light inside the room comes from the flashing fire alarm. The team is left scrambling around in an unfamiliar location, searching for the essentials: phone, wallet, keys… Where is your passport? Next, shoes, and then your luggage.
You think to yourself, “Should I really take my luggage out with me?”
What if this is just a false alarm?
Just because you don’t see or smell smoke yet doesn’t mean that damage hasn’t already been done outside.
Meanwhile, the rest of the team is scrambling to figure out what is going on. Some called the front desk to ask about the fire alarm, some thought it could be a different alarm (carbon monoxide), while others thought it was their own fault for switching on the wrong light.
After a moment to think, you open your room door to meet your team outside. Greeted by familiar faces in an equal mix of shock and frustration, you hear our CEO, Nuno, call out to the team that it was “Just a false positive”. You feel a rush of relief.
Reflections from the team
“I’ve had to deal with false positives in fire alarms in the middle of the night a few times in my life”, said Nuno. “My first instinct when I woke up and realized there wasn’t a fire in my unit, was to dismantle the alarm, to turn the damn thing off.”
“When I woke up with the alarm, I saw a mosquito flying out of it, and thought that was what triggered the alarm. As a tech-savvy person, I hit the alarm while trying to shut it down. Didn’t work,” reflected Tiago Mendo, Probely’s CTO.
False Positives | Putting out Fires
Even though this wasn’t a premeditated event, it ended up being a good lesson for the team on the impact of false positives. At Probely, we pride ourselves on having one of the best false-positive rates in the market, and incidents like this help drive the message home for the rest of the team.
False positives can be incredibly jarring, especially when it comes to cyber security.
As a CISO, you’re primarily responsible for protecting your organization from cyber threats, so receiving a false positive can be frustrating. Your first thought is, “What if this is real?” You immediately need to take the time to assess the situation.
Once you’ve determined it’s a false positive, you start losing trust in the control that raised the alarm. The more often it happens, the more likely you are to start ignoring all alerts.
You need to figure out the fastest path to preventing false alarms. Just because you realized the vulnerability isn’t real doesn’t mean damage hasn’t been done: the time and resources your team wastes on each one add up over the course of a year. And the price of missing a real high-risk vulnerability might be too high.
False positives lead to alert fatigue, which is a real issue in the cybersecurity world. It is incredibly overwhelming to be constantly on the lookout for potential threats. If you’re constantly dealing with false positives, you’re never sure when a real threat is lurking: it’s hard to tell which is which, so you’re left in a state of constant vigilance. Could you imagine your fire alarm going off every night? It’s the same kind of feeling.
A 2022 study (*) found that more than half of security teams spend more than 20% of their time deciding which alerts to handle first, while a quarter of teams spend more than 40% of their time prioritizing alerts.
How can you prepare for them, so you don’t experience the same kind of panic in the future? With the right precautions, you can ensure that your organization is ready to avoid the next false positive, so that your team can do better things with their time… At Probely, we prefer hiking, but with all the extra time saved, you can really plan for anything!
Source:
*) “Orca Security Survey Finds Cloud Security Tool Sprawl Increasing the Flood of False Positive Alerts, Missed Critical Issues, and More.” Bloomberg, 15 Mar. 2022, www.bloomberg.com/press-releases/2022-03-15/orca-security-survey-finds-cloud-security-tool-sprawl-increasing-the-flood-of-false-positive-alerts-missed-critical-issues-and.