Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Who Killed My Hard Drive?

University study examines the causes and costs of hard drive failure

You've heard the threat before: A virus or Trojan could infect your PCs and wreck their hard drives. But how often does it really happen -- and how bad is the damage?

A new university study suggests that hard-drive-killing attacks launched by hackers are actually pretty rare -- but when they do occur, they can be more costly than most companies think.

The study, published last quarter by professors at the University of Pepperdine and commissioned by data recovery vendor Deepspar Technologies, looks at the causes of hard drive failure and offers insights on just how "fatal" a fatal drive error can be.

Aside from physical theft, hard drive failure is the most common cause of data loss on PCs, the study says, accounting for 38 percent of data loss incidents. In about 30 percent of these cases, the loss of access is the result of drive problems, where corruption of the media makes the data unreadable.

Software corruption, which is the usual path used by hackers and viruses to "crash" a hard drive, only causes data loss in about 13 percent of cases, according to the study. Such incidents are only slightly more frequent than drive losses caused by human error (12 percent), the study says.

But while remote attacks may cause fewer drive crashes than many users believe, the cost of those crashes may be higher than many executives expect, the study states.

The IT costs associated with a drive failure are fairly easy to measure, the study says. In cases where the data can be restored by an in-house staffer -- which happens about 40 percent of the time -- the cost is about $350. If the drive has to be sent out to a recovery service, the cost is around $1,500. On average, then, the IT cost of a failed drive is about $1,150, the study says.

But many companies fail to factor in the cost of lost productivity, the study observes. If you add up the average time it takes to restore data on a failed drive and multiply it by the cost of the employees affected, there is a lost productivity cost of about $1,750 per drive failure, the researchers say. And if you add productivity costs to IT costs, the average drive failure cost is about $2,900 -- assuming you can recover the data from the damaged drive at all.

If a hacker or virus does successfully crash a hard drive, the study recommends caution in trying to recover the data internally. "Non-professional tools and system software (e.g., chkdsk) often fix errors by overwriting the file system on the drive," the study says. "Though this may repair the file system, it permanently destroys the data." About 15 percent of all non-recoverable data loss situations were created by prior non-professional data recovery attempts, the study says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • Secure Computing Corp. (Nasdaq: SCUR)

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Commentary
    Ransomware Is Not the Problem
    Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
    Edge-DRsplash-11-edge-ask-the-experts
    How Can I Test the Security of My Home-Office Employees' Routers?
    John Bock, Senior Research Scientist,  6/7/2021
    News
    New Ransomware Group Claiming Connection to REvil Gang Surfaces
    Jai Vijayan, Contributing Writer,  6/10/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: Zero Trust doesn't have to break your budget!
    Current Issue
    The State of Cybersecurity Incident Response
    In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2021-31476
    PUBLISHED: 2021-06-16
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...
    CVE-2021-31477
    PUBLISHED: 2021-06-16
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-...
    CVE-2021-32690
    PUBLISHED: 2021-06-16
    Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This...
    CVE-2021-32691
    PUBLISHED: 2021-06-16
    Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within th...
    CVE-2021-32243
    PUBLISHED: 2021-06-16
    FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).