
Risk | Commentary
3/31/2020, 10:00 AM
Marc Wilczek
How Much Downtime Can Your Company Handle?

Why every business needs cyber resilience and quick recovery times.

Cyber incidents in the past few years have captured the attention of business executives. The World Economic Forum's "Global Risks Report 2020" cites cyberattacks among today's top 10 business risks in terms of their likelihood of occurring and ability to inflict catastrophic damage. According to PwC's "Global CEO Survey," 53% of American CEOs are losing sleep over the potential for cyber threats to obliterate their company's prospects for growth.

Remember Hurricane Katrina, the storm that peaked at Category 5 before striking Florida and Louisiana in 2005? Causing a mindboggling $125 billion in damage, it was the costliest natural disaster in US history. Still, the fabled insurer Lloyd's of London warned in 2017 that a large-scale cyberattack could wreak even worse damage.

Cybercrime will be a massive problem for businesses and governments over the next 10 years. Because companies and societies everywhere now rely on always-on IT networks, hiccups or stoppages can have wide-ranging negative effects — and cloud services are major targets.

Cloud Computing: A Double-Edged Sword
Corporate use of cloud computing has greatly expanded. Expenditures on it reached $273 billion in 2018 and are expected to reach $623 billion by 2025, according to industry reports.

But when petabytes of data are stored in the cloud, the exposure runs on two fronts: the customer's own connectivity and the provider's. If the customer's Internet service is attacked — say, overwhelmed by a distributed denial-of-service (DDoS) attack — no data will be processed, however healthy the cloud is. And the provider itself can be the target: a DDoS attack in October 2019 disrupted Amazon Web Services (AWS) for roughly eight hours by flooding its Route 53 DNS service. Users couldn't connect because AWS's mitigations misread some of their genuine DNS queries as part of the attack. The Google Cloud Platform was hit by similar troubles at about the same time, but Google says they weren't due to a DDoS.

According to Link11's "2019 DDoS Report," the biggest attack we're aware of topped out at 724 Gbit/s in bandwidth. (Full disclosure: I am the COO of Link11.) This is significant because many large companies have a 10 Gbit/s or a 1 Gbit/s Internet connection, so a data tsunami of this size would exceed the size of the pipe by roughly 70 to 700 times. Nothing upstream of the choke point helps at that ratio: the link saturates and the victim company's business stops in its tracks. Everything that rides the same connection goes with it, which means VoIP telephones would be useless for the entire duration of the attack.

What's even more ominous is the looming scenario of Industry 4.0, wherein production lines, warehouses, telematics services, smart grids, building automation (HVAC), etc., are all Internet-facing, meaning that a DDoS attack would be even more devastating. The longest DDoS attack Link11 defended during the second half of 2019 would, had it not been mitigated, have caused an outage of more than 100 hours — more than four consecutive days.

The proportion of DDoS attacks that abused cloud servers grew from 31% in the second half of 2018 to 51% in the same period in 2019. Link11's research found that the number of attacks launched from cloud services more or less corresponded to the provider's market share: AWS, Microsoft Azure, and Google Cloud accounted for more abused instances than smaller providers. In 2018, attacks launched from AWS accounts took down the website of a California candidate for the US House of Representatives for 21 hours. One of a series of attacks on that site disrupted a live political debate, and the damage was put at roughly $30,000.

Complexity and Lack of Automation Create Security Challenges
FireMon's "2020 State of Hybrid Cloud Security Report" notes that many companies are losing the visibility required to safeguard their cloud systems. Eighteen percent of C-suite respondents see this as their biggest concern, and they now need more vendors and more enforcement points to maintain effective security.

Almost 60% of the respondents think their clouds have grown to the point that their ability to secure their networks in a timely way has been compromised. This percentage was about the same last year, meaning the industry has failed to make headway in this area. The number of security services and enforcement points needed to secure cloud networks is also growing: Just under 80% of respondents use two or more enforcement points. FireMon says that 59% said the same last year. Almost half of the respondents use two or more public cloud services, which further boosts complexity and lowers visibility.

The National Security Agency, in its January 2020 guidance on mitigating cloud vulnerabilities, reports that cloud misconfigurations caused by human error are the top vulnerability behind security incidents. This may come as no surprise if you consider that a troubling 65.4% of FireMon's respondents still employ manual processes to manage their hybrid clouds. The Ponemon/IBM "2019 Cost of a Data Breach Report" finds that only 16% of companies have fully deployed security automation.

The potential financial consequences of this are huge. The average total cost of a data breach is 95% greater in companies that lack automated security.

New Regulations and Growing Costs
With revenue, profits, and reputation depending upon the availability and integrity of IT systems, the regulations that dictate network security are tightening up — far beyond GDPR, CCPA, and HIPAA.

The new Federal Financial Institutions Examination Council (FFIEC) guidelines state that if a cyberattack disrupts a company's operations, the firm must be back online within its "maximum tolerable downtime." The policy further stipulates that "whether driven by customer expectations or technological advancement, previously established [recovery time objectives (RTOs)] that were a few hours in duration may now require near real-time recovery. Therefore, it may be appropriate for management to reevaluate currently acceptable RTOs."

The message is clear: Time is of the essence. Malicious breaches are the most common, but inadvertent breaches stemming from human error and system glitches are still the root cause of nearly half (49%) of security incidents. The Ponemon/IBM study puts the average loss per incident at $3.50 million for human error and $3.24 million for system glitches. The cost of lost business alone averages $1.42 million per breach.

Organizations in the middle of a large migration to the cloud at the time of an incident saw costs jump by $300,000, for an adjusted average cost of $4.22 million. The Ponemon/IBM report says that system complexity increased the cost of a breach by $290,000, for an average cost of $4.21 million.

The Final Word
Simply put, the faster a security incident can be dealt with, the lower its costs. Security automation and intelligent orchestration are key to containing damages. As companies implement cloud and digital transformation, they'll need security solutions that work seamlessly across multiple clouds. The RTOs of current solutions must be reviewed, as some may be unable to keep abreast of changing business demands. Two proven ways to offset the costs of a security incident are to create an incident response team and to extensively test the incident response plan.


Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...