The cost of cyber crime in the US has risen by $15 million according to a new Ponemon report sponsored by Hewlett-Packard. The Cost of Cyber Crime Study also examined global costs, which are not as high on average as those in the U.S. For the 2015 study, the global average annualized cost of cyber-crime is $7.7 million for a 1.9 percent year-over-year increase. The global study methodology examined 252 companies across seven countries, with 1,928 attacks used to measure the total cost. Specifically in the U.S., the study looked at 58 companies, with 638 cyber-attacks used to measure the total cost. Security experts from Tripwire, Securonix, Lastline, Stealthbits and BalaBit commented on the climbing cost of cyber crime.
[su_note note_color=”#ffffcc” text_color=”#00000″]Dr. Engin Kirda, Founder and Chief Architect, Lastline :
The findings of the study are not surprising. Many attacks are still successful as some of the current, modern defenses we have (e.g., sandboxing) have not yet become mainstream. Unfortunately, the attackers have adapted and evolved faster than the organisations they are targeting. At the same time, the awareness of such attacks have also increased and studies like this help.[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]John Marshall, VP of Technical Services, STEALTHbits :
“Internal threats are likely to have been running for extended periods of time before detection and that none of the technology solutions highlighted in the report should be positioned as allowing an organization to understand what malicious activity took place prior to being detected (at which point monitoring and/or blocking becomes an option). Therefore the assumption would be that the costs of insider threats will be significantly under-estimated.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Jeff Hill, Channel Marketing Manager, STEALTHbits :
“The report highlights the direct relationship between the overall cost of a breach, and the time it takes to detect and stop them. The longer the attack is active and undetected, the higher the cost to the organization. And which attacks are most difficult to discover? Malicious insiders, which take, on average, over 54 days to resolve, timeframes that dwarf conventional threats like malware (less than 6 days). Whether it be a an actual disgruntled employee, or an external attacker compromising legitimate credentials, the most effective attacks – and those most difficult to detect – are the ones that abuse legitimate credentials. Detecting these “authentication-based” attacks early is arguably the preeminent challenge facing security professionals today.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]István Szabó, Product Manager of syslog-ng, BalaBit :
This data aligns with recent reports. According to the latest Verizon Data Breach Investigating Report, in 60% of cases attackers are able to compromise an organization within minutes. So time is the key in similar situations, and there’s three steps to accelerate response times:
- Detection: a monitoring solution with real-time alerting and blocking capabilities helps to detect possible attacks faster. It’s important that this is automatized, as human interaction is always much slower.
- Investigation: providing relevant context for the security team lets them focus on the important events. Accurate contextual information (such as logs, activity monitoring audit trails, etc.) enables the team to accelerate the forensics investigation and response.
- Be prepared for the unexpected: having security policies, guidelines and action plans have to be defined in advance. There should be as much as possible automated, or at least standardized processes to implement counter measures instead of just improvising.[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Stewart Draper, Director of Insider Threat, Securonix :
“The Ponemon report again highlights the tremendous risks that insiders pose. The least frequently seen attack vector at 35% of respondents but most costly at over 144,000 per incident and longest to resolve. In my experiences the immaturity of most insider programs mean a lot of events go unnoticed that would raise these numbers much higher. The implementation of behavior analytics can dramatically help in detection and prevention of these events.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Ken Westin, Senior Security Analyst at Tripwire :
“The HP report illustrates that preventing cybercrime is like preventing cancer, early detection is the key to quickly containing and remediating security incidents before they spread and attackers gain access to critical infrastructure.
The fact that we are still seeing insider threats as a substantial risk to organizations reveals the reliance and trust organizations place in their employees. Particularly in IT where there is a continuous drive to automate processes and decrease overall head count. The privileged insider in particular has an increasing capacity to cause damage to systems and steal information, so it is critical that organizations deploy stronger monitoring of these accounts.
It’s not surprising to see that cybercrime has become more costly to businesses. As cybercrime becomes more profitable and cyber criminals become more organized and persistent, this pattern will continue to escalate.”[/su_note]