News Feature | November 13, 2015

Why You Should Share Findings From The "2015 Cost Of Cyber Crime Study" With Your IT Clients

Christine Kern

By Christine Kern, contributing writer

Why You Should Share Findings From The “2015 Cost Of Cyber Crime Study” With Your IT Clients

HP Enterprise Security partnered with the Ponemon Institute to create the sixth annual study of the costs of cybercrime. The 2015 Cost of Cyber Crime Study identifies the most costly types of crime, and also highlight the need for a shift in security strategy to heighten protection of interactions among users, applications, and data.

The study revealed the mean annualized cost of cyberattacks for 58 benchmarked organizations has grown to $15 million. Last year that number was $12.7 million indicating an increase of 19 percent year over year. The net increase of cybercrime over six years is 82 percent.

Dr. Engin Kirda, founder and chief architect for Lastline, responded to the report: with information that may be useful to share with your clients when discussing security. “The findings of the study are not surprising. Many attacks are still successful as some of the current, modern defenses we have (e.g., sandboxing) have not yet become main stream. Unfortunately, the attackers have adapted and evolved faster than the organizations they are targeting. At the same time, the awareness of such attacks has also increased and studies like this help,” he said.

The report underscored the importance of detecting a cyberattack as quickly as possible. István Szabó, product manager of syslog-ng, BalaBit, explained, “This data aligns with recent reports. According to the latest Verizon Data Breach Investigating Report, in 60 percent of cases attackers are able to compromise an organization within minutes. So time is the key in similar situations, and there are three steps to accelerate response times: detection, investigation, and preparation.”

Jeff Hill, channel marketing manager for STEALTHbits, elaborated, on the relationship between response time and mitigating damage from an attack — including the costs associated with it. “The report highlights the direct relationship between the overall cost of a breach, and the time it takes to detect and stop them. The longer the attack is active and undetected, the higher the cost to the organization,” he pointed out. He said attacks by malicious insiders using legitimate credentials take the longest — 54 days — to resolve. “Detecting these ‘authentication-based’ attacks early is arguably the preeminent challenge facing security professionals today,” he said.

John Marshall, VP of technical services for STEALTHbits, pointed out the cost of insider threats may even be underestimated. He explained that the solutions highlighted in the report may not have taken in to account all of the malicious activity that took place prior to the breach being detected.

You may want to share these report findings with your clients to help them understand the importance of your solutions and services that help guard against cyberattack.