The Ponemon Institute has just released the 6th annual Ponemon Institute 2015 Cost of Cyber Crime. The report notes that the average cost of a cyber attack has climbed significantly, and is now $12.7 million (up from $11.6M in 2014). Resolution times have also increased significantly, 32 to 45 days – a 41% increase.
In response, István Szabó, Product Manager of syslog-ng at BalaBit offers three crucial steps organizations need to take to accelerate both their detection times and response/recovery effots. “The Ponemon data is in step with recent reports,” says Szabó. “For example, according to the latest Verizon Data Breach Investigating Report, in 60% of cases attackers are able to compromise an organization within minutes.”
“Time is the problem, and rapid response is essential. To accelerate response times, organizations must take three key steps :
- Detection : a monitoring solution with real-time alerting and blocking capabilities will help organizations detect possible attacks faster. It is important to have this process automated, as a manual analysis that requires a human interaction is always much slower. Automated processes can however give a lot of alerts, some of which may be false positives, resulting in overloading the security team with alerts – each of which needs investigation. We all know that the response time of an overloaded team is far from being ideal therefore it is highly important to have systems in place which prioritize the alerts and assign a context dependent risk score to each alert so that security teams can focus on what’s really important.
- Investigation : the ability to provide relevant data for the security team is key, and underscores the importance of effective monitoring. Just as important is adding accurate contextual information to the collected footprints (such as logs, activity monitoring audit trails). This enables the team to accelerate the forensics investigation and respond to security incidents faster, reducing and even eliminating risks.
- Preparation : in security as with everything important in life, it’s crucial to be prepared for the unexpected. Security policies, guidelines and action plans must be defined in advance. Whenever the root cause is identified, there should be as much automated and immediate response as possible, or at least standardized processes to implement counter measures. Especially in tough situations, improvised solutions could have negative side-effects and impacts on business continuity.
Balabit Product Evangelist Márton Illés adds : “Malicious insiders and web based attacks are still among the most costly attack types, but the Ponemon Institute’s 2015 Cost of Cyber Crime Report report cites that network layer IT security spending has still the highest budget allocation at surveyed organizations. Organizations need to balance in their spending more effectively and improve the defense layers – such as the application and the “user layer” – to combat these costly threats. Monitoring high risk users affords more protection against both external and malicious insider originated attacks, and speeds recovery.”
“The report makes it clear : detection is still the most costly internal activity. The deployment of security intelligence systems could improve detection and result in a significant cost savings. Efficient monitoring and detection can reduce the time to contain the attack, where mean number of days is still 46 with an average cost of $21k per day.”[su_box title=”About BalaBit” style=”noise” box_color=”#336588″]BalaBit‘s global customer base includes many Fortune 100 companies. BalaBit’s Contextual Security Intelligence (eCSI) gives enterprises real-time analyzed monitoring information to support security decisions and increase business efficiency, while providing IT with reliable Log Management, Privileged User Monitoring and User Behavior Analytics. BalaBit, founded in 2000, has long track record as the developer of syslog-ng, the most popular open source log management tool with more than a million corporate users worldwide.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.