
5/3/2019
07:00 AM
Larry Loeb

Cybercrime Study Finds Increasing Costs as Well as Changing Targets & Methods

Accenture and Ponemon Institute say that they are analyzing the latest cost numbers of cybercrime to try and help leaders to better target security investments and resources.

In the Ninth Annual Cost of Cybercrime Study, Accenture and Ponemon Institute say that they are analyzing the latest cost numbers of cybercrime to try and help leaders to better target security investments and resources. They interviewed 2,647 senior leaders from 355 companies and drew on the experience and expertise of the Accenture Security professionals to examine the economic impact of cyber attacks.

Accenture thinks that attacks are evolving in what they target, in how they impact organizations, and in the methods they employ. Extended supply chain threats are also challenging an organization's business ecosystem. Attackers have slowly shifted their attack patterns to exploit third- and fourth-party supply chain partner environments to gain entry to target systems -- even in those industries that have mature cybersecurity standards, frameworks and regulations. Supply chain attacks are a way around all that preparation.

The report finds that information theft is the most expensive and fastest-rising consequence of cybercrime. This kind of theft is expected and is, without doubt, the predominant mental threat model the security team uses.

But data is not the only target. Core systems, such as industrial controls or other operational technology, are being attacked in a "dangerous trend to disrupt and destroy." Attacking an enterprise's data integrity or preventing data toxicity may be the next frontier in security.

One thing seems to be clear: Humans are increasingly targeted as the weakest link in cyber defenses.

The report found that the expanding threat landscape led to an increase in cyber attacks. The average number of security breaches in an enterprise during the last year grew by 11% from 130 to 145.

While Internet dependency and the digital economy are flourishing, 68% of business leaders said their cybersecurity risks are also increasing. Almost 80% of organizations say that they are introducing digitally fueled innovation faster than their ability to secure it against cyber attackers.

Along with increased attack incidence came increased spending on remediation. The report found the average cost of cybercrime for an organization increased US$1.4 million to US$13.0 million.

Accenture also found that the banking and utilities sectors continued to have the highest cost of cybercrime across their sample with an increase of 11% and 16% respectively. The energy sector remained fairly flat over the year with a small increase of 4%, but the health industry experienced a slight drop in cybercrime costs of 8%.

There are location-based differences shown as well. The United States continued to top the danger list, with the average annual cost of cybercrime increasing by 29% in 2018 to reach US$27.4 million. However, the highest increase (31%) was experienced by organizations in the United Kingdom, which grew to US$11.5 million, closely followed by Japan, which increased by 30% in 2018 to reach US$13.6 million on average for each organization.

Expenditures for investigating a breach have decreased in three of the four years of analysis. Accenture says that the decreases in spend are due to improvements in forensic analysis capabilities and threat hunting tools. Another factor they cite influencing the reduction in spend is the expanded use of cloud services, which make the investigation of cyber threats more efficient.

The report shows that while the specifics of an attack will change over time, there are trends exhibited by those changes that can be of use.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.
