UPDATED 16:14 EDT / OCTOBER 08 2013

NEWS

HP Ponemon Cyber Attack Study Shows Cyber Attacks, Costs Rising – The Solution is Big Data, People

HP today unveiled the results of an annual cyber attack study of companies worldwide conducted by the Ponemon Institute.  The research in the report shows that both the cost and frequency of cyber attacks continues to increase for the fourth consecutive year.

Cybercrime Up 78 Percent, Time to Resolve Attacks More Than Doubles

The findings illustrate the challenges in an ever more complex and difficult cyber security landscape, one that results in significant costs, but it also clearly illustrates some of the best paths to help deal with this.  The challenges are huge, the task to protect data and intellectual property is a multi-level task that in today’s IT environment can mean anything from cloud, to mobility, to web apps, and more.  Further, the perpetrators of cyber crime are increasingly better-organized than ever before.  Traditional security methods are falling short and are part of the problem.  Attacks are becoming more regular and harder to stop.  Some of the big takeaways in the report:

  • Cyber crimes continue to be costly. We found that the average annualized cost of cyber crime for 60 organizations in our study is $11.6 million per year, with a range of $1.3 million to $58 million. In 2012, the average annualized cost was $8.9 million. This represents an increase in cost of 26 percent or $2.6 million from the results of our cyber cost study published last year.
  • Cyber attacks have become common occurrences. The companies in our study experienced 122 successful attacks per week and 2.0 successful attacks per company per week. This represents an increase of 18 percent from last year’s successful attack experience. Last year’s study reported 102 successful attacks on average per week.
  • The most costly cyber crimes are those caused by denial of service, malicious insiders and web-based attacks. Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, application security testing and enterprise governance, risk management and compliance (GRC) solutions.

With 234 companies participating in this fourth annual report, 60 of those companies are US companies and the report now reaches out into six countries, adding to the international perspective.   If you glanced over the point, the cost of cybercrime range of $1.3 million to $58 million – that’s a big one, and the cost has gone up across the board.  The frequencies of attacks are on the rise, becoming more frequent, more varied and more damaging.  The good news of course is that things can be done about it, as found in the report there are a number of data points that indicate the right technology can lower costs, having trained and qualified personnel helped mitigate these costs, as well as having visionary, effective leadership that can put policy, personnel, and technology together.

Security Intelligence – Powered by SIEM, Big Data

Actionable intelligence, that which is gained by SIEM technology and Big Data analytics, is one of the most valuable, effective tools that was observed.  When you consider how nascent some of these security intelligence products are, and with a conservative ROI figure of 21% it is obvious that companies are quickly experiencing rapid returns out of implementing these technologies.  Dan Lamorena, Senior Director, Product Marketing of HP Enterprise Security Products stated in a joint briefing with Dr. Larry Ponemon:

“These are incredibly enabling tools that deliver rapid awareness, they help departments pinpoint issues, build intelligence, and enable them to resolve things efficiently and quickly.”

The dawn of security intelligence is shaking up the institutional foundations in security where 40% of security expenditures at major companies is spent at the network layer, opening the door to the possibility that network layer security spending has been overemphasized in light of this new technology.  Trends in the industry repeatedly show how disruptive security intelligence systems are becoming in vertical after vertical.

Human Intelligence – More Critical Than Ever

It is important to note however, that while many of these tools are well-designed for ease of use, ease of deployment and even automation, that the human factor can never be removed from the picture.  The report reinforces this as it illustrates how companies that grossly underspent on personnel incurred the greatest costs in dealing with cyber attacks.  The human factor is critical in a successful security strategy, from the top-level CISO or security exec to the security staff that implements and analyzes the security technology platform, to the training of regular employees on behavior and avoiding mistakes.  Illustrating this point  in many cases, Dr. Ponemon notes, tools were deployed and available in breach situations, but were found not to be deployed properly or to their full extent.  There is a crunch for talent in the industry however, and that opens the door for expert consultative security services.  That will be something to watch.

The information security industry can be expected to take these cyber security challenges on, using the knowledge that is unleashed in the report.  Security practice must continue to gravitate towards a wider variety of technologies, in mobile, social, analytics, and cloud in addition to the traditional security disciplines.  When companies work smarter and better with better technology, that can help assuage the rising costs and frequency of cyber crime, deal with threats, and that is the deeper layer that will be found within the report.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU