Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

2/21/2018
08:15 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Global Cybercrime Costs Top $600 Billion

More than 50% of attacks result in damages of over $500K, two reports show.

In cybersecurity it can sometimes be hard seeing the forest for the trees. Constant reports about new attacks, breaches, exploits and threats can make it hard for stakeholders to get a picture of the full impact of cybercrime.

Two reports this week are the latest to take a crack at it.

One of the reports is from McAfee in collaboration with the Center for Strategic and International Studies (CSIS). It shows that cybercrime currently costs the global economy a startling $600 billion annually, or 0.8% of the global GDP. The figure represents a 20% jump from the $500 billion that cybercrime cost in 2014.

The other report from Cisco is based on interviews with 3,600 CISOs and shows among several other things that nearly half of all attacks these days end up costing the victim at least $500,000. Eight percent of companies in the Cisco report said cyber attacks had cost them over $5 million; for 11% the costs ranged between $2.5 million and $4.9 million. The figures include direct and indirect costs such as those associated with lost revenue, customers, and lost opportunities.

Together, the two reports paint a picture of a landscape that is getting from bad to worse in a hurry.

"Cybercrime impacts economic growth. This is not an IT issue but something much bigger," says Raj Samani, chief scientist at McAfee. "Nearly every breach focuses on attribution or the technique, but we rarely ever discuss what the real impact is," Samani says. The net result is that many organizations continue to view cybercrime as a somewhat abstract issue. "I am constantly told 'this does not impact me,'" Samani says. "Yet cybercrime impacts every one of us."

As with many other reports that have attempted to calculate total cybercrime costs, the $600 billion figure in the McAfee/CSIS report is based on estimates. It represents total estimated losses due to theft of intellectual property and business confidential information, online fraud and financial crimes, personally identifiable information, financial fraud using stolen sensitive business information and other factors. Other estimates have put the number much higher, some far lower.

As the report makes clear, underreporting by victims and the overall paucity of real data surrounding cybercrime incidents worldwide have made it extremely hard to get a truly precise estimate of cybercrime costs. In many cases, organizations only report a fraction of their actual losses from cybercrime to avoid reputational damage and liability risks. So to calculate cybercrime costs, McAfee and CSIS borrowed modeling techniques that have been used previously to estimate costs associated with other criminal activities such as maritime piracy, drug trafficking, and transnational crime by organized groups.

The exercise showed that costs of cybercrime have increased significantly in recent years as the result of state-sponsored online bank heists, ransomware, cybercrime-as-a-service, and the growing use of anonymity-enabling technologies like Tor and Bitcoin, McAfee and CSIS said. Malicious activity on the Internet is at an all-time high, with some vendors reporting 80 billion malicious scans, 4,000 ransomware attacks, 300,000 new malware samples and 780,000 records lost to hacking on a daily basis, the report said.

The theft of intellectual property and business confidential information has been a huge reason for the higher cybercrime costs globally. According to McAfee and CSIS, intellectual property theft accounts for at least 25% of overall cybercrime costs. Such theft can include everything from patented formulas for paints to designs for rockets and other military technology. Over the years, the theft of IP has become a huge problem for many industries and has impacted the ability of companies to compete and to profit from their innovations. Yet, it remains one of the most underreported forms of cybercrime.

"[IP theft] is probably the most surreptitious form of data theft," Samani says. For example, a ransomware infection is clearly obvious, and with other forms of data theft or breaches there is an obligation to report. "However IP theft and calculating the cost becomes invisible to the victim, particularly since proving that a competing product was derived from a historical breach is very difficult," he says.

Europe appears to be the region most impacted by cybercrime, but that is likely also in part due to the maturity of the breach reporting habits of organizations there compared to other regions, Samani says.

Cisco's report meanwhile showed that in addition to increasing financial costs, organizations are also becoming more vulnerable to attacks on their supply chain. Supply chain attacks, according to the company, have increased in complexity and frequency and have heightened the need for organizations to pay close attention to their hardware and software sources.

Enterprise security environments have become much more complex as well. Twenty-five percent of the security executives Cisco interviewed said their organizations used security products from between 11 and 20 vendors. Sixteen percent said their organizations were using between 21 and 50 products. The complexity has begun impacting enterprises' ability to defend against threats, Cisco said.

Franc Artes, an architect in the security business group at Cisco says the new report marks the first time the company asked respondents to indicate a range of their financial loss from a security incident. In last year's report, one-third of those who suffered a breach reported a revenue loss of 20%, he says.

Cisco's latest survey shows that attackers are evolving their techniques faster than the ability of defenders to keep up. Troublingly, as organizations continue to leverage their operational technology (OT) infrastructure and create connectivity to these systems, the recognition of it being a vital attack vector has grown as well, Artes says.

"Nearly 70% of the respondents stated they see their OT infrastructure as an attack vector; 20% stated that while it wasn’t currently, they expected it would be in the next few years."

Related content:

 

 

Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10102
PUBLISHED: 2019-07-22
The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: ne...
CVE-2019-10102
PUBLISHED: 2019-07-22
Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets.
CVE-2019-10102
PUBLISHED: 2019-07-22
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections ...
CVE-2019-9959
PUBLISHED: 2019-07-22
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
CVE-2019-4236
PUBLISHED: 2019-07-22
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to ...