view counter

Cost of cyberattacks on the rise

Published 8 August 2011

A new study shows that cybercrime is costing corporations 56 percent more than last year; the study conducted by the Ponemon Institute and sponsored by ArcSight, an HP company, found that the median cost of cybercrimes for the fifty companies surveyed was $5.9 million; the increase in costs were largely due to hackers using stealthier techniques

A new study shows that cybercrime is costing corporations 56 percent more than last year.

The study conducted by the Ponemon Institute and sponsored by ArcSight, an HP company, found that the median cost of cybercrimes for the fifty companies surveyed was $5.9 million.

Cybercrimes can do serious harm to an organization’s bottom line,” the report said.

Larry Ponemon, the founder and chairman of Ponemon, said the increase in costs were largely due to hackers using stealthier techniques.

Sophisticated stealthy types of cybercrime are happening more frequently,” he said.

Last year companies were primarily hit by more visible attacks like viruses, worms, Trojans, malwares, and botnets, but “now we’re seeing more insidious kinds of attacks like malicious code, denial of service, stolen devices, Web-based attacks and malicious insiders,” Ponemon said.

 

Stealth attacks “are more costly to deal with,” because they take more time to address Ponemon explained.

With these clandestine attacks, hackers “move in quietly to position the attacker lower in the infrastructure and to be able to go after information in a longer term, strategic way,” said Prescott Winter, the chief technology officer of ArcSight Public Sector. “They’re more ingenious in how they launch the attack, which makes them harder to find once they launch it.”

In 2010 it took an average of fourteen days and $247,744 to clean up an attack, but this year due to the increase in covert cyberattacks, the average clean up now takes eighteen days and $417,748.

Ponemon added that the attacks have grown in sophistication making them harder to defend against.

Some of these intruders throw a one-two punch,” he said. For instance, some hackers will hit a company with a denial of service attack and while their resources are consumed with defending against that the attackers will launch another attack on the defender’s position using an insider threat or proliferating botnet software.

When you’re getting attacked from two fronts, it’s just harder to defend yourself,” Ponemon said.

Winter concluded grimly, “There’s no such thing as a bulletproof perimeter anymore.”

It’s absolutely guaranteed these days that the attacker will get in,” he said. “So the strategy has to change from watching the outside wall to trying to figure out what’s happening inside the network.”

view counter
view counter