
11/3/2011
11:29 PM

Productivity, Data Losses Biggest Cost In Cyberattacks

Global survey finds attacks on DNS, network-layer denial-of-service attacks most frequent and toughest to stop

The typical cost of a cyberattack during the past year was $682,000, according to a newly published global survey of IT managers from 1,000 organizations.

The Applied Research survey, commissioned by F5 Networks, found that attacks against Domain Name System (DNS) infrastructure and network-layer denial-of-service (DoS) attacks overall are the most difficult to defend against and are the most frequent and painful to an organization. About half said their current security is "somewhat effective," while 32 percent said it's "completely effective."

The biggest cost to organizations from a breach was lost productivity, which 50 percent reported, followed by loss of data (43 percent), lost revenue (31 percent), loss of customer trust (30 percent), regulatory fines (24 percent), and theft of money or goods (19 percent).

"The loss of data [cost] was higher than I would have expected," says Alan Murphy, senior technical marketing manager for F5.

Nearly half said they somewhat or extremely frequently see attacks that access unencrypted data, followed by 43 percent experiencing the same with DNS attacks, security misconfigurations, and cross-site scripting. Around 42 percent experience network-layer distributed denial-of-service attacks and cross-site request forgery attacks somewhat or extremely frequently.

Firewalls mostly or completely handled these and other attacks around 70 to 74 percent of the time. More than 40 percent said a firewall failed due to a network-layer DoS attack, and just over 35 percent had the same problem with an application-layer DoS attack.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
