A new study conducted by the Ponemon Institute revealed cyber crime incidents are now more costly than ever, costing U.S. organizations an average of $12.7 million to detect, recover, investigate and manage incident response following an attack.
Additionally, the 2014 Global Report on Cost of Cyber Crime found the time for organizations to resolve an incident is also on the rise, with incidents lasting an average of 31 days, accompanied by a $20,000 price tag per day—up 23 percent from last year.
“It is alarming to know that an unwanted adversary could invade your system, causing costly and reputation-destroying damages without you even knowing it,” said Larry Ponemon, chairman and founder of the Ponemon Institute.
“The ability to remain under the radar enables the adversary to invade your system even further – making it more difficult to eliminate the attack completely, and increasing overall costs.”
Dwayne Melancon, Tripwire CTO, says these growing issues are often caused by companies being blindsided: “The problem is that many of the actions taken by attackers are subtle, and are masked by the volume of information we’re trying to monitor within security functions in the enterprise. To improve this situation, we need to get better at noticing the differences between ‘normal’ and ‘abnormal’ in the environment.”
This year’s annual study was based on results sampling 257 companies from a variety of industry sectors in the United States, United Kingdom, Germany, Australia, Japan and France, measuring the cost from more than 1,700 attacks.
Other key findings from the study also revealed:
- Organizations experienced an average of 138 successful attacks per week, compared to 50 attacks per week when the study was initially conducted in 2010.
- The average annualized cost of cyber crime varies across industries, where organizations in the financial services, energy and utilities sectors experience substantially higher costs than other organizations.
- The most costly incidents involved malicious insiders, denial of services and web-based attacks, totaling more than 55 percent of the incidents investigated.
- Business disruptions accounted for 38 percent of external costs, such as costs associated with business process failures and loss of employee productivity.
One of the most effective ways to overcome these alarming statistics is to develop a clear, continuous understanding of your IT environment – not only what you have and how it is configured, but what it should look like based on your configuration standards and how configurations change over time, adds Melancon.
“Abnormal states and abnormal changes begin to stand out. Likewise, having a baseline understanding of user activity, data flows, communication paths, and so forth can further increase the odds that subtle, dangerous activities are detected soon – before your business suffers.”
Read More Here…