Cyber Crime Incidents, Resolution Costs On the Rise

 

Cyber attacks, maleware, phising, Denial of Service Attacks - where do enterprise security threats end? The short answer is it never does.

 

According to a recent security based survey from Kaspersky Lab, nearly 200,000 new malicious software programs appear around the world each day. It has come as a real surprise to all who read the report which demonstrates few IT executives recognize the extent of the threat. Kaspersky Lab's survey, conducted with B2Bof 2013 Global Corporate IT Security Risks, found that 90 percent of participants underestimate the quantity of maleware in existence. Four percent guessed too high, and only 6 percent were accurate.


The consequence of malware to organizations is costly in terms of compromised data: Vulnerabilities in software used by a company, employees’ intentional or negligent actions, or the loss or theft of mobile devices caused a significant proportion of incidents that led to the loss of valuable, business-sensitive data.

 

Additionally, a new study conducted by the Ponemon Institute shows cyber crime incidents are now more costly than ever.


These incidents cost U.S. organizations an average of $12.7 million to detect, recover, investigate and manage incident response following an attack. The 2014 Global Report on Cost of Cyber Crime found the time for organizations to resolve an incident is also increasing, with incidents lasting an average of 31 days, accompanied by a $20,000 price tag per day—up 23 percent from last year.

 

“It is alarming to know that an unwanted adversary could invade your system, causing costly and reputation-destroying damages without you even knowing it,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “The ability to remain under the radar enables the adversary to invade your system even further – making it more difficult to eliminate the attack completely, and increasing overall costs.”


Why such an increase in both volume and resolution costs? Many times the attack actions are silent and are masked by the growing volumes of data in the enterprise. For an organization to thwart more attacks and minimize the damage they need better detection policies and escalation procedures at a more granular level. Building a data warehouse is easy. Securely operating the data warehouse requires diligence and sophisticated analytics.


The study was based on surveys from 257 companies from various industry sectors in the United States, United Kingdom, Germany, Australia, Japan and France, measuring the cost from more than 1,700 attacks.

 

Some key findings from the study also revealed:

 

1. Organizations experienced an average of 138 successful attacks per week, compared to 50 attacks per week when the study was initially conducted in 2010.

 

2. The average annualized cost of cyber crime varies across industries, where organizations in the financial services, energy and utilities sectors experience substantially higher costs than other organizations.

 

3. The most costly incidents involved malicious insiders, denial of services and web-based attacks, totaling more than 55 percent of the incidents investigated.

 

4. Business disruptions accounted for 38 percent of external costs, such as costs associated with business process failures and loss of employee productivity.


According to the report, it now takes a large organization an average of 31 days at a cost of $20,000 per day to clean up and remediate after a cyberattack, with the total price tag for a data breach now at nearly $640,000. That's an increase of 23% over last year, says Larry Ponemon. (They specialize in looking at what organizations end up paying after a breach.)


"The most surprising finding from this study was that it takes an average of 31 days to resolve a cyberattack, costing an average of $20,000 per day," says Ponemon, whose study was commissioned by HP. "It is alarming to know that an unwanted adversary could invade your system, causing costly and reputation-destroying damages without you even knowing it. The ability to remain under the radar enables the adversary to invade your system even further -- making it more difficult to eliminate the attack completely, and increasing overall costs."

 

Enjoyed the article?

Sign-up for our free newsletter to kick off your day with the latest technology insights, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.


E-mail address
Tagged in: analytics CIO security

Comments