What is alert fatigue

Poorly configured rules: Rules that do not apply to the environment security analysts monitor can lead to too many false positives.

Inadequately tuned rule management policies: Organizations succeed in cybersecurity when they regularly update system rules to keep pace with the ever-evolving threat landscape.

Too many manual alarms: Companies can automate many if not all security systems to take care of alerts that do not really require manual investigation. They should take advantage of automation features to avoid alert fatigue.

Lack of task rotation: The ideal task ratio for security analysts is Keeping them on a single task, particularly monitoring alerts, contributes to alert fatigue. This applies to both work and life outside work.

Normalization of apathy about the primary O-ring on the Challenger space shuttle led to the Challenger explosion in Just like an endless stream of prank calls might lead you to block a number or turn off your phone, an endless stream of false, redundant, or unimportant alarms often leads to ignoring them.

Repetition of the same alert causes even greater alert fatigue. As in the example of the unfortunate hospitalized teen above, the greatest risk of alert fatigue is missed or ignored alerts. In DevOps and IT Ops, this can lead to more incidents and major consequences for revenue, cost, and brand reputation.

Alert fatigue also impacts response times. After all, if the last 10 alerts that came in were false alarms, is an on-call employee as likely to abandon their dinner or sleep for the 11th alert as they were for the first?

Or might they justify finishing dinner first? Constant alerts, sleep interruptions, and full inboxes are a recipe for employee burnout and can lead to higher turnover, lower job satisfaction, and lower productivity.

Alert fatigue is a significant problem across a variety of industries—and one that comes with some dire consequences. So, how do we avoid the ignored alerts, slow response times, and employee burnout? Experts point to alert processes and policies themselves as the way forward.

One way to prevent alerts from overwhelming your on-call professionals is to set intelligent thresholds for them. The key question here is this: Does every alert need immediate attention? Are all alerts created equal? Which issues require an immediate alert and which can be dealt with during normal working hours?

The answer is always a balancing act, because too few alerts can mean missed incidents, but too many can also lead to missed incidents through alert fatigue.

We work very hard to avoid false positives because false positives are one of the worst things you could do to any warning system. It just makes people tune them out. Setting alert priorities and using visual, audible, and sensory cues to indicate importance can reduce alert fatigue by a large margin. Again, the aviation industry sets a good example of not only aggressively setting tiers for their priorities, but also clearly indicating priority with a variety of visual and sensory cues.

No one wants these alerts ignored and so they get their own special category. As the importance of the alerts drops, so too do the visual, audible, and sensory cues around that alert. Warnings merit red lights, text messages, and voice alerts though not a shaking steering mechanism. Cautions generally trigger amber lights and text messages. And advisories are amber text messages—no lights. Vague alerts require more focus, attention, and time than specific, actionable alerts.

For workers who are already fatigued by the sheer number of alerts, requiring more focus and attention is a recipe for low productivity and missed alerts. This is another place where we can learn from the aviation industry.

Redundant alerts are one of the major culprits in alert fatigue. Consolidating these alerts and reducing reminders where possible can help keep the alert load more manageable, leading to better attention from workers.

Even with intelligent thresholds and tiered systems, companies (especially large companies) may be handling a high number of alerts. Do you have enough on-call professionals? Is the burden of alerts falling too heavily on one person or team, and can that burden be shared?

How frequent are alerts? Are there certain times that need greater or less coverage? The typical DevOps professional uses at least five tools to get to the bottom of performance issues.

This means multiple alert locations, styles, and types.

Why does alert fatigue matter to process manufacturing plants?

Alert fatigue can result in:

Stressed-out employees, due to high adrenaline levels which cause them to feel overwhelmed.

High burnout and churn rates as employees feel unable to cope with the stress.

Workers becoming desensitized to alerts, causing them to fade into the background noise and no longer produce any response at all.

How can process plants reduce alert fatigue?

Lower the incidence of false alarms: False alarms, or false positives, can exacerbate alert fatigue.

Expand the workforce: Sometimes alert fatigue can be a sign that your employees are struggling to keep up with the workload.

Include context information: When alert messages contain contextual data from machinery logs, parallel sensors, or other Industrial Internet of Things (IIoT) devices, it makes them far more actionable.

Classify alert urgency: When employees are flooded with too many alerts, they have to make snap decisions about which ones to prioritize.

Reduce the total number of alerts: The best way to combat alert fatigue is to lower the number of alerts that employees have to respond to.

How do process plants benefit from preventing alert fatigue?
