Cost of One Breach in Millions

Wednesday, August 4, 2010 @ 05:08 PM gHale


If the Stuxnet attack was not a wake-up call for greater attention to security, then try this: Organizations are suffering at least one successful attack per week, and the annual cost of those attacks to their bottom lines ranged from $1 million to $53 million, according to a benchmark study of 45 U.S. organizations hit by data breaches.
The median annualized cost was $3.8 million per organization, a price tag that covers everything from detection, investigation, containment and recovery to post-response operations, according to the Ponemon Institute report “The First Annual Cost of Cyber Crime Study.” ArcSight sponsored the report.
“Information theft was still the highest consequence; the type of information [stolen] ranged from a data breach of people’s [information] to intellectual property and source code,” said Larry Ponemon, chief executive of the Ponemon Institute. “We found that detection and discovery are the most expensive [elements].”
And a separate report called “The Leaking Vault” released by the Digital Forensics Association found among the 2,807 publicly disclosed data breaches worldwide during the past five years, the cost to the victim firms as well as those whose information was exposed came to $139 billion. That comes to just over $49 million a breach.
The Digital Forensics Association report said nearly half of all reported breaches involved a laptop, and in 95 percent of those cases the laptop had been stolen. Hacks, however, accounted for the most stolen records from 2005 to 2009, with 327 million of the 721.9 million records covered in the report, even though hacks made up only 16 percent of the data breaches.
Ponemon found that Web-borne attacks, malicious code and malicious insiders are the most costly types of attack, together making up more than 90 percent of all cybercrime costs per organization per year: A Web-based attack costs $143,209; malicious code, $124,083; and a malicious insider, $100,300.
“If you look at the actual attacks, they were found most frequently as viruses, worms, and Trojans,” Ponemon said. “But in terms of each individual attack … a SQL injection is more expensive on attack-by-attack basis.”
Botnets made up 8 percent of the attacks, with a price tag of about $1,627. But that number could be conservative given some of the unknowns about the origins of the attacks, Ponemon said.
Nearly half of all breach costs are incurred in detection and recovery, and the average time to resolve an attack was 14 days at a cost of $17,696 per day, according to the report. When the attack comes from a malicious insider, resolution takes 42 days or more.
“It seemed that the majority of the 45 organizations were random and haphazard in their approach” to the problem, Ponemon said. “They didn’t have the right tools or technologies, and they didn’t know what kinds of threats there were and that the actual attacks were happening” until afterward.
On the other hand, the Digital Forensics Association report found that breaches caused by insiders were more than twice as likely to be inadvertent as malicious. Outsiders were responsible for 48 percent of the incidents and third parties for 16 percent.
It also found that malware led the attack methods (25 percent), followed by SQL injection (24 percent). Stolen or abused credentials came into play in 16 percent of the breaches.
Social Security numbers are the most commonly compromised form of data, exposed in 69 percent of the breaches during the five-year period, followed by credit card numbers at 14 percent.


