Exposing The Economics Behind Hacking

A new survey by the Ponemon Institute provides insight into topics like the average earnings of a cyber-attacker, the amount of time attacks typically take, and how to prevent successful data breaches by increasing the cost of conducting them.

Key findings

Cyber-attackers are opportunistic and aim for the easiest targets first:

  • 72 percent of survey respondents said they won't waste time on an attack that will not quickly yield high-value information.
  • A majority of the survey's respondents (73 percent) stated attackers hunt for easy, "cheap" targets.

Time is the enemy of cyber-attackers:

  • An increase of approximately 2 days (40 hours) in the time required to conduct successful cyberattacks can eliminate as much as 60 percent of all attacks.
  • On average, a technically proficient attacker will quit an attack and move on to another target after spending approximately a week (209 hours) without success.

The "big payday" is a myth:

  • The average adversary earns less than $30,000 annually from their malicious activities, which is 1/4 of a cybersecurity professional's average yearly wage.

A strong security posture increases the time to execute an attack:

  • A technically proficient cyber-attacker needs double the amount of time (147 hours) to plan and execute an attack against an organization with an "excellent" IT security infrastructure, versus 70 hours against one with "typical" security.
  • 72 percent of respondents believe attackers will stop their efforts when an organization presents a strong defense.

"As computing costs have declined, so too have the costs for cyber adversaries to infiltrate an organization, contributing to the growing volume of threats and data breaches. Understanding the costs, motivations, payouts, and finding ways to flip the cost scenario will be instrumental in reducing the number of breaches we read about almost daily and restoring trust in our digital age," said Davis Hake, director of cybersecurity strategy at Palo Alto Networks.

Recommendations

Make yourself a "hard target" - Adopting a security posture with a breach prevention-first mindset, instead of a detection and incident response approach, can slow down cyber-attackers enough for them to abandon the attack in favor of an easier target.

Invest in next-generation capabilities - Legacy point products present little deterrence to attackers. Next-generation security capabilities that automate preventive action and don't rely on signatures alone or on static defenses are the best defense against today's advanced cyberthreats.

Turn your network visibility into actionable intelligence - A prevention-focused security posture relies on natively integrated technologies like next-generation firewalls, network intelligence, and threat information sharing. This provides defenders with a clearer picture of what is happening inside their network, versus a confusing collection of uncorrelated point products.

Net-Security: http://bit.ly/1UK7ySj
