//
you're reading...
Information Security, IT & TECHNOLOGY

Flipping the Economics of Attacks


ISACA-Logo

How can an organization make it difficult enough for an attacker that they dissuade or prevent an attack? Time-wise? Cost-wise? Potential profit-wise?

In Flipping the Economics of Attacks, sponsored by Palo Alto and conducted by Ponemon Institute, threat experts in the United States, United Kingdom and Germany were surveyed about what motivates attackers. The research revealed that most attackers are in it for the money.

To fight back against adversaries enterprises need to harden their organizations so it takes attackers longer to achieve their mission. Most malicious attackers are opportunistic when choosing a particular organization to attack and will quit the attack when the targeted organization presents a strong defense. Specifically, the majority of attacks can be stopped if more than about two days are needed for a successful attack.

The following are recommendations from the report that will help steel the organization against malicious actors:

  • Create a holistic approach to cybersecurity, which includes focusing on the three important components of a security program: people, process and technologies.
  • Implement training and awareness programs that educate employees on how to identify and protect their organization from such attacks as phishing.
  • Build a strong security operations team with clear policies in place to respond effectively to security incidents.
  • Leverage shared threat intelligence to identify and prevent attacks seen by your peers.
  • Invest in next-generation technology such as threat intelligence sharing and integrated security platforms that can prevent attacks and other advanced security technologies.

There are many questions that the cybersecurity community needs to answer: What are the typical annual earnings of a cybercriminal? What is the attacker’s cost of conducting a breach? Does crime pay? Are cybercriminals getting rich?

While many attackers may hope for a big payout, the reality can be quite different. The findings of the survey reveal attackers on average receive $28,744 for an average of 705 hours spent on attacks annually. Of course, some attackers do “earn” more than the average. However, this compensation is 38.8 percent, or one-quarter, less than the average hourly rate of IT security practitioners employed in the private and public sector.

We also learned that attacks are increasing because of the availability of low-cost and effective hacker toolkits. Technically proficient attackers are spending an average of $1,367 for specialized tool kits to execute one attack. The only other cost is their time.

For more information attend the ISACA webinar: Flipping the Economics of Cyber Attacks, 11 A.M. (CST), Tuesday, 26 January, presented by Scott Simkin is Sr. Manager, Threat Intelligence at Palo Alto Networks, and Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute.

Dr. Larry Ponemon
Chairman & Founder, Ponemon Institute

[ISACA Now Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 123,336 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,484 other followers

Twitter Updates

Archives

January 2016
M T W T F S S
« Dec   Feb »
 123
45678910
11121314151617
18192021222324
25262728293031
%d bloggers like this: