8/2/2011
02:15 PM

Cybercrime Cleanup Costs Spike

Ponemon study finds median cost of responding to successful security breaches increased by 56% over the past year, thanks to more persistent and sophisticated attackers.

Over the past year, the median cost of cybercrime increased by 56%, and cybercrime now costs companies an average of $6 million per year.

That finding comes from Ponemon Institute, which on Tuesday released its Second Annual Cost of Cyber Crime Study, sponsored by HP ArcSight. For the study, Ponemon questioned 50 U.S.-based businesses, ranging in size from 700 to 139,000 employees, about "the direct, indirect, and opportunity costs that resulted from the loss or theft of information, disruption to business operations, revenue loss, and destruction of property, plant, and equipment."

Ponemon found that from 2010 to 2011, the time and cost required to respond to security breaches increased. Notably, the time organizations required to respond to a successful attack increased from 14 days last year to 18 days this year. Over the same period, the average daily cost of attacks increased from $17,600 to nearly $23,000.

In addition, the study found that organizations experienced an average of "72 discernible and successful cyber attacks per week," which is an increase of 44% from the previous year. Of the resulting costs incurred by organizations, the largest was information loss (accounting for 40% of the total cost), followed by business disruption (28%), revenue loss (18%), and equipment damage (9%).

The increase in attack frequency--as well as companies seeing more sophisticated attacks--has led to related increases in cleanup costs and duration. "Really determined attackers often establish multiple beachheads within an organization, so cleaning up an attack is not just about quarantining one device," said Ryan Kalember, director of product marketing at HP ArcSight, in an interview. In other words, once attackers break in, identifying the potentially breached information, as well as all systems that may have been infected with rootkits, backdoors, or other malware, becomes more difficult.

In terms of attack type, 100% of organizations reported experiencing viruses, worms, or Trojans, followed by malware (96%), botnets (82%), Web-based attacks (64%), stolen devices (44%), malicious code (42%), malicious insiders (30%), and phishing and social engineering (30%).

Some types of attacks cost more and take more time to fix. Overall, the costliest attacks involved denial of service, and cost companies in total about $188,000 per year, weighted by frequency of attacks. That was followed by Web-based attacks ($142,000), malicious code ($127,000), and malicious insiders ($105,000).

Once an organization suffered a breach, on an annualized basis, proportionally speaking, its cleanup spending went to recovery (24%), followed by detection (21%), containment (16%), investigation (16%), and ex-post response, including remediation (15%). In terms of industries, the defense sector spent the most money responding to and mitigating attacks, followed by utilities and energy companies, and financial services firms.

This Ponemon study's results differ notably from other data breach cost studies, such as Symantec's annual study on the cost of data breaches (also conducted by Ponemon), or the 2011 Data Breach Investigations Report from Verizon. Notably, this new study found that the defense sector, as well as utilities and energy companies, faced the most breaches per year--whereas the Verizon study said that the hospitality and retail sectors were hardest hit.

Kalember at HP ArcSight said many of the differences can be explained by this study focusing on overall cyber crime, rather than individual breaches. In addition, the data set used by Verizon draws from Secret Service and Dutch High Tech Crime Unit investigations, meaning it's based on incidents that companies report to authorities. "But I'm guessing that most cyber crime that happens in these organizations doesn't get reported to police," said Kalember. In addition, while this Ponemon report focused on cyber crime, the Verizon study took a broader approach, for example including card-skimming attacks that harvest debit and credit card data.

Regardless of the data set, numerous studies, including this one, suggest that online attacks are growing more sophisticated, and thus dangerous. "The fact that discernible attacks in this year's study have increased--coupled with the fact that the time to resolve attacks has also increased--suggests the cyber crime landscape continues to evolve in terms of attack severity and frequency," according to the study. "In other words, results of the present study suggest things might be getting worse."
