Exposing The Economics Behind Hacking

Uploaded on 2016-04-18 in FREE TO VIEW

A new survey by the Ponemon Institute provides insight into topics like the average earnings of a cyber-attacker, the amount of time attacks typically take, and how to prevent successful data breaches by increasing the cost of conducting them.

Key findings

Cyber-attackers are opportunistic and aim for the easiest targets first:

  • 72 percent of survey respondents said they won't waste time on an attack that will not quickly yield high-value information.
  • A majority of the survey's respondents (73 percent) stated attackers hunt for easy, "cheap" targets.

Time is the enemy of cyber-attackers:

  • An increase of approximately 2 days (40 hours) in the time required to conduct successful cyberattacks can eliminate as much as 60 percent of all attacks.
  • On average, a technically proficient attacker will quit an attack and move on to another target after spending approximately a week (209 hours) without success.    

The "big payday" is a myth:

  • The average adversary earns less than $30,000 annually from their malicious activities, which is 1/4 of a cybersecurity professional's average yearly wage.

A strong security posture increases the time to execute an attack:

  • It takes double the amount of time (147 hours) for a technically proficient cyber-attacker to plan and execute an attack against an organization with an "excellent" IT security infrastructure versus 70 hours for "typical" security.
  • 72 percent of respondents believe attackers will stop their efforts when an organization presents a strong defense.

"As computing costs have declined, so too have the costs for cyber adversaries to infiltrate an organization, contributing to the growing volume of threats and data breaches. Understanding the costs, motivations, payouts, and finding ways to flip the cost scenario will be instrumental in reducing the number of breaches we read about almost daily and restoring trust in our digital age," said Davis Hake, director of cybersecurity strategy at Palo Alto Networks.

Recommendations

Make yourself a "hard target" - Adopting a security posture with a breach prevention-first mindset, instead of a detection and incident response approach, can slow down cyber-attackers enough for them to abandon the attack in favor of an easier target.

Invest in next-generation capabilities - Legacy point products present little deterrence to attackers. The use of next-generation security capabilities that automate preventive action and don't rely on signatures alone or static defenses are the best defense against today's advanced cyberthreats.

Turn your network visibility into actionable intelligence - A prevention-focused security posture relies on natively integrated technologies like next-generation firewalls, network intelligence, and threat information sharing. This provides defenders with a clearer picture of what is happening inside their network, versus a confusing collection of uncorrelated point products.

Net-Security: http://bit.ly/1UK7ySj

« Cyber Crime Forensics
Data Analytics Is Driving IT »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

PlaxidityX

PlaxidityX

PlaxidityX (formerly Argus Cyber Security) is a global leader in mobility cyber security, provides DevSecOps, vehicle protection and fleet protection technologies and services.

AuthenTrend

AuthenTrend

AuthenTrend provide biometric authentication products to achieve high security with extreme ease-of-use for the user.

Privacy Analytics

Privacy Analytics

Privacy Analytics enables healthcare organizations to unleash the value of sensitive data for secondary purposes without compromising personal health information.

Securely

Securely

Securely Ltd. is an IT consulting and services firm specializing in PKI solutions and products.

Malomatia

Malomatia

Malomatia is a leading provider of technology services and solutions in Qatar including information security.

RCDevs

RCDevs

RCDevs is an award-winning Software company providing security solutions designed for modern enterprise technologies and suited for SMEs to large corporations.

Riddle&Code

Riddle&Code

Riddle&Code is a product-led services company specializing in onboarding industries to Web3. The team's mission is to provide a trusted connection between the digital and physical worlds.

Nexor

Nexor

Nexor are a UK-based cyber security company with 30 years' experience in secure information exchange.

Unit21

Unit21

Unit21 helps protect businesses against adversaries through a simple API and dashboard for detecting and managing money laundering, fraud, and other sophisticated risks across multiple industries.

Internet Security Research Group (ISRG)

Internet Security Research Group (ISRG)

ISRG's mission is to reduce financial, technological, and educational barriers to secure communication over the Internet.

Ascent Cyber

Ascent Cyber

Ascent Cyber provide simple and stress-free solutions to protect your business and its customers from the worries and costs of cybercrime.

Guardz

Guardz

Guardz helps small and growing businesses to go from zero or low cyber protection to having comprehensive security – in the quickest and most straightforward way.

OneCollab

OneCollab

OneCollab, your unwavering ally in the dynamic landscape of IT services and cybersecurity.

IDVerse

IDVerse

IDVerse is focused on making user verification effortless through technology. We build intelligent tools that protect users from identity fraud while enabling a seamless user experience.

iTRUSTXForce

iTRUSTXForce

iTRUSTXForce is a global provider of DigitalX (cybersecurity, privacy, and digital trust) services. We offer comprehensive services that focus on delivering outcomes for our clients.

Telenor Cyberdefence

Telenor Cyberdefence

Telenor Cyberdefence is a newly established (2024) cloud-born Managed Security Service Provider focused on the Nordic markets.