Exposing The Economics Behind Hacking

Uploaded on 2016-04-18 in FREE TO VIEW

A new survey by the Ponemon Institute provides insight into topics like the average earnings of a cyber-attacker, the amount of time attacks typically take, and how to prevent successful data breaches by increasing the cost of conducting them.

Key findings

Cyber-attackers are opportunistic and aim for the easiest targets first:

  • 72 percent of survey respondents said they won't waste time on an attack that will not quickly yield high-value information.
  • A majority of the survey's respondents (73 percent) stated attackers hunt for easy, "cheap" targets.

Time is the enemy of cyber-attackers:

  • An increase of approximately 2 days (40 hours) in the time required to conduct successful cyberattacks can eliminate as much as 60 percent of all attacks.
  • On average, a technically proficient attacker will quit an attack and move on to another target after spending approximately a week (209 hours) without success.    

The "big payday" is a myth:

  • The average adversary earns less than $30,000 annually from their malicious activities, which is 1/4 of a cybersecurity professional's average yearly wage.

A strong security posture increases the time to execute an attack:

  • It takes double the amount of time (147 hours) for a technically proficient cyber-attacker to plan and execute an attack against an organization with an "excellent" IT security infrastructure versus 70 hours for "typical" security.
  • 72 percent of respondents believe attackers will stop their efforts when an organization presents a strong defense.

"As computing costs have declined, so too have the costs for cyber adversaries to infiltrate an organization, contributing to the growing volume of threats and data breaches. Understanding the costs, motivations, payouts, and finding ways to flip the cost scenario will be instrumental in reducing the number of breaches we read about almost daily and restoring trust in our digital age," said Davis Hake, director of cybersecurity strategy at Palo Alto Networks.

Recommendations

Make yourself a "hard target" - Adopting a security posture with a breach prevention-first mindset, instead of a detection and incident response approach, can slow down cyber-attackers enough for them to abandon the attack in favor of an easier target.

Invest in next-generation capabilities - Legacy point products present little deterrence to attackers. The use of next-generation security capabilities that automate preventive action and don't rely on signatures alone or static defenses are the best defense against today's advanced cyberthreats.

Turn your network visibility into actionable intelligence - A prevention-focused security posture relies on natively integrated technologies like next-generation firewalls, network intelligence, and threat information sharing. This provides defenders with a clearer picture of what is happening inside their network, versus a confusing collection of uncorrelated point products.

Net-Security: http://bit.ly/1UK7ySj

« Cyber Crime Forensics
Data Analytics Is Driving IT »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

EfficientIP

EfficientIP

EfficientIP helps organizations drive business efficiency through agile, secure and reliable network infrastructures.

Janusnet

Janusnet

Janusnet develops software and solutions for organisations to enforce and manage data security.

Mocana

Mocana

Mocana provides a software platform that allows you to develop, test and distribute more secure IoT devices and services.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

MailGuard

MailGuard

MailGuard delivers a full suite of security solutions across email and web to protect your business before threats reach your environment.

Israel National Cyber Directorate (INCD)

Israel National Cyber Directorate (INCD)

The Israel National Cyber Directorate is the national security and technological agency responsible for defending Israel’s national cyberspace and for establishing and advancing Israel’s cyber power.

SafeBreach

SafeBreach

SafeBreach's platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does.

Relution

Relution

Relution is the Unified Endpoint Management platform for innovative companies and educational institutions. It enables you to manage your mobile apps and devices easily and securely.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

Enigmatos

Enigmatos

Enigmatos is an Israeli based Automotive Cyber Security company. We provide solutions to the ever growing threat of vehicle hacking.

Renesas Electronics

Renesas Electronics

Renesas Electronics delivers trusted embedded design innovation with solutions that enable billions of connected, intelligent devices to enhance the way people work and live - securely and safely.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

TriCIS

TriCIS

TriCIS design and engineer highly secure integrated solutions that meet the highest government and military security standards, providing information assurance to organisations across the globe.

Cyber Proud

Cyber Proud

Cyber proud is leading a talent revolution to promote and create an inclusive skilled cyber workforce.

Fescaro

Fescaro

FESCARO is a trusted cybersecurity partner for global automakers and their partners, helping them transition to software-defined vehicles (SDVs) with tailored automotive software solutions.

Hacker School

Hacker School

Hacker School offers technology motivated training programs that provide Cyber Security Certifications and Courses.