Exposing The Economics Behind Hacking

Uploaded on 2016-04-18 in FREE TO VIEW

A new survey by the Ponemon Institute provides insight into topics like the average earnings of a cyber-attacker, the amount of time attacks typically take, and how to prevent successful data breaches by increasing the cost of conducting them.

Key findings

Cyber-attackers are opportunistic and aim for the easiest targets first:

  • 72 percent of survey respondents said they won't waste time on an attack that will not quickly yield high-value information.
  • A majority of the survey's respondents (73 percent) stated attackers hunt for easy, "cheap" targets.

Time is the enemy of cyber-attackers:

  • An increase of approximately 2 days (40 hours) in the time required to conduct successful cyberattacks can eliminate as much as 60 percent of all attacks.
  • On average, a technically proficient attacker will quit an attack and move on to another target after spending approximately a week (209 hours) without success.    

The "big payday" is a myth:

  • The average adversary earns less than $30,000 annually from their malicious activities, which is 1/4 of a cybersecurity professional's average yearly wage.

A strong security posture increases the time to execute an attack:

  • It takes double the amount of time (147 hours) for a technically proficient cyber-attacker to plan and execute an attack against an organization with an "excellent" IT security infrastructure versus 70 hours for "typical" security.
  • 72 percent of respondents believe attackers will stop their efforts when an organization presents a strong defense.

"As computing costs have declined, so too have the costs for cyber adversaries to infiltrate an organization, contributing to the growing volume of threats and data breaches. Understanding the costs, motivations, payouts, and finding ways to flip the cost scenario will be instrumental in reducing the number of breaches we read about almost daily and restoring trust in our digital age," said Davis Hake, director of cybersecurity strategy at Palo Alto Networks.

Recommendations

Make yourself a "hard target" - Adopting a security posture with a breach prevention-first mindset, instead of a detection and incident response approach, can slow down cyber-attackers enough for them to abandon the attack in favor of an easier target.

Invest in next-generation capabilities - Legacy point products present little deterrence to attackers. The use of next-generation security capabilities that automate preventive action and don't rely on signatures alone or static defenses are the best defense against today's advanced cyberthreats.

Turn your network visibility into actionable intelligence - A prevention-focused security posture relies on natively integrated technologies like next-generation firewalls, network intelligence, and threat information sharing. This provides defenders with a clearer picture of what is happening inside their network, versus a confusing collection of uncorrelated point products.

Net-Security: http://bit.ly/1UK7ySj

« Cyber Crime Forensics
Data Analytics Is Driving IT »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

SABSACourses

SABSACourses

SABSA is a development process used for solving complex problems such as IT Operations, Risk Management, Compliance & Audit functions.

WIRED

WIRED

WIRED is the magazine about what's next – the people, the trends and the big ideas that will change our lives. Topics covered include cyber security.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

ANTIC is responsible for regulating the activities of electronic security and regulation of the Internet in Cameroon.

Armadillo Sec

Armadillo Sec

Armadillo provide penetration testing and vulnerability assessment services.

Verlingue

Verlingue

Verlingue (formerly ICB Group) is a leading corporate insurance broker providing Insurance, Risk Management and related advice to businesses and private clients.

Neoteric Networks

Neoteric Networks

We deliver a no nonsense procedure to implementing technology. The technology selection process ensures that all customers enjoy an engineered methodology implementing technology.

Cofrac

Cofrac

Cofrac is the national accreditation body for France. The directory of members provides details of organisations offering certification services for ISO 27001.

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS) is a non-profit organization dedicated to the recruitment, retention and advancement of women in the cybersecurity field.

Aujus Cybersecurity

Aujus Cybersecurity

Aujas is a pure-play cyber security services company with deep expertise in Identity and Access Management, Managed Security and Security Testing services.

Elemental Cyber Security

Elemental Cyber Security

Elemental is a game changing cyber security compliance automation and enforcement technology provider.

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

Electrosoft Services

Electrosoft Services

Electrosoft provide mature, innovative technology-based services and solutions to power critical IT programs and keep our nation safe from cybersecurity attacks.

Oxylabs

Oxylabs

Oxylabs is the largest datacenter proxy pool in the market, with over 2 million proxies. Designed for high-traffic, fast web data gathering while ensuring superior performance.

Cylerian

Cylerian

Cylerian is a Next Generation SaaS Security Platform - One unified cloud platform to achieve your security, compliance, and operational objectives.