Archive for August, 2011

Cybercrime Costs Continue to Dramatically Rise

Wednesday, August 10th, 2011

The recent HP-sponsored study on cybercrime costs (“The Second Annual Cost of Cybercrime Study”, conducted by the Ponemon Institute http://bit.ly/ql8JXP) produced a wealth of interesting and valuable data on the increasing costs of cybercrime.  Some of the key points of the study, which looked at a sample of 50 US organizations, included:

  • The average annualised cost of cybercrime to each company was $5.9M, ranging from $1.5M to $36.5M
  • These figures represent a 56% increase over the inaugural study conducted last year
  • The number of attacks increased by 45% from last year’s study.  The companies studied were affected by a total of 72 attacks each week – an average of 1.4 attacks per company per week
  • 90% of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks
  • Average time to resolve cyber attacks was 18 days, with an average cost of $416,000 per attack – a 67% increase from 2010
  • Smaller companies are not immune from cyber attacks, and in fact these attacks cost smaller companies more on a per capita basis
  • Deploying SIEM solutions can mitigate the impact of cyber attacks.  Organizations with SIEM solutions in place realized a saving of 25% because of the ability to quickly detect and contain cybercrimes.
  • Companies that deployed a Governance, Risk and Compliance (GRC) program saw significantly reduced costs associated with cyber crime when companies that did not have a GRC program.  Average costs for the GRC group were $6.8M versus $9.4M for the non-GRC group

Perhaps the most interesting fact to come from the study was:

…recovery and detection are the most costly internal activities, highlighting a significant cost-reduction opportunity for organizations that are able to automate detection and recovery through enabling security technologies.

Reading between the lines of this summary, a few things come to light.  A large number of cyber attacks are “inside jobs”.  Malicious code, stolen devices and other forms of attack are only practical when conducted by insiders.  As such, putting controls in place within the enterprise is critical.  As mentioned in my last blog, ensuring that employees have the ability to do the tasks related to their jobs, and nothing more, is of utmost importance.  Tracking commands issued and security events at a granular level to allow for quick identification of cyber attacks is key to reducing the number and duration of attacks, and therefore the cost.  SIEM devices, whilst extremely useful, need to have data fed to them from all systems and applications in the enterprise to ensure early detection of issues.

Additional methods of detection should also be considered – have critical files had attributes changed?  Have users been given access that they previously did not have? Have privileged programs, that may be malicious, been installed?

In the NonStop environment, only the XYGATE security suite from XYPRO provides all these capabilities, in an integrated, centrally managed solution.  XYGATE Access Control ensures that only the necessary levels of access to system resources are granted.  All commands and subcommands are audited.  XYGATE Merged Audit integrates consolidated audit data on the NonStop, to give a unified view of all security activity.  It optionally feeds that data to SIEM devices, allowing the NonStop to participate in the single view of the enterprise.

Perhaps most importantly, XYGATE Compliance PRO monitors a wide range of data on your NonStop, and alerts you when aspects of your system configuration fall outside previously defined boundaries, including unauthorised PROGID’ed programs, users with unauthorized access and unauthorized files on system volumes. Compliance PRO can also compare files from one scan to another, alerting the security administrator if the file size changes, or if the security configuration from two systems that previously matched are now different.

So, as the incidence and costs of cybercrime continue to rise, it becomes even more important to pay attention to your critical data and applications, and the users who are able to access them.  Automating as much of this process as possible is important in reducing the time for detection, and therefore the costs of these incidents.   XYPRO can help with this – please contact me at andrew_p@xypro.com or your local XYPRO representative for more information.

Andrew Price
Director, Product Management
XYPRO Technology Corporation