The Real Costs of Cyber Attacks
Cyber attacks constantly top the news headlines–be it yet another massive data breach for Yahoo! or the findings that ransomware can now infect Smart TVs running Android OS, our world seems to always be threatened by some sort of cyber phenomenon or another. These cyber attacks threaten companies with their various costs, both measurable and immeasurable, and some of the most common costly cyber attacks are DDoS attacks, ransomware attacks, and data breaches.
Distributed Denial-of-Service (DDoS) Attacks
A distributed denial-of-service, or DDoS, attack occurs when an Internet circuit is flooded with so much Internet traffic, referred to as “packets,” that the Internet becomes jammed and then stops, similar to traffic build-up on a busy interstate that eventually leads to a bumper-to-bumper standstill. This is done by malicious actors to prevent legitimate users from accessing a website. When this type of attack occurs, it can either be meant to flood the company’s network infrastructure to block connections to the entirety of its site or more targeted at specific applications to block company use–and sometimes it can be both. When a company experiences a DDoS attack, it is important for them to know the costs involved.
The biggest costs surrounding a DDoS attack are related to getting the business’ domain operational again–meaning lots of money and time must be dedicated to fixing the issue. As of 2014, the average hourly cost to a company to try and mediate a DDoS attack was $40,000 an hour; as the the number of occurrences and the strength of DDoS attacks has increased since then, it is likely that this cost has risen as well. With two-thirds of attacks lasting 6 hours or more (16% of which lasted 1 to 7+ days), it is obvious that this can be a hefty price for a company to pay.
DDoS attacks are fairly preventable compared to other cyber attacks, and one of the best ways to prevent an attack is through early detection. Costs surrounding a DDoS attack can be reduced significantly with early detection, and there are simple steps a company can take in order to fight an attack once one has been detected. Companies can run a script on their servers that sends a message periodically with the recent traffic count. Monitoring and managing traffic is essential in preventing a DDoS attack. Once a pattern has been recognized, it is important for the bad traffic to be blocked without blocking those legitimate users who wish to access the site. It is important to be ready with strong incident response and DDoS mitigation plans in order to prevent the costs incurred by your company from getting out of hand.
Ransomware Attacks
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money, or ransom, is paid. Though now primarily known by this definition as a cyber crime, ransomware has been around since before the internet gained its popularity. Since then, the threat has grown drastically with the flourishing of the Internet, not only in its complexity but in its reach as well. 2016 experienced record amounts of complex ransomware attacks–with attacks totaling over $1 billion as of September 2016 for the year and an average of 4,000 attacks each day in the United States alone. While it is known that one of the costs surrounding ransomware is the actual ransom paid to the criminals in order to regain access to a company’s precious files, there are other hidden costs that are important for organizations to know about as well.
According to a survey conducted by the market research firm Vanson Bourne on behalf of SentinelOne, it takes an average of 33 man hours for an organization to recover from a ransomware attack. Researchers who conducted this survey make the assumption that the average employee makes around $20 per hour, meaning that this cost alone is more than $6,000 for each attack, and this varies based upon the company’s size and the employees’ actual rate of pay. Ransoms are commonly collected in the form of Bitcoin, a digital currency that uses encryption, created and held solely online. The average ransom is worth around 1-2 Bitcoin, and the current exchange rates show that the currency is worth over 1,000 USD per coin–but some especially malicious hackers charge their victims even more to regain access to their important and private files.
Similar to handling a DDoS attack, prevention is preferable to reaction when it comes to combating ransomware. By setting up a plan that includes the use of an antivirus and malware software, keeping all of your operating systems and computers up-to-date, enabling automatic updates, the use of a pop-up or ad-blocker, use of strong and unique passwords, and avoiding suspicious links and emails, you can prevent ransomware from infiltrating your company to begin with. The greatest defense you can have is a strong, managed firewall, as well as cyber-aware employees.
Data Breaches
The cold, hard truth about data breaches is that most IT professionals adhere to the belief that it is not a matter of if a company will be affected by a data breach, but rather when–and 2016 was not exempt from this belief either.
According to the 2016 Cost of Data Breach Study: Global Analysis from Ponemon Institute, the average cost of a data breach in 2016 was $4 million, with the average cost per record stolen in a data breach for this time being $158 (an increase of $4 per record from last year’s average); this cost was even greater for the healthcare and retail fields, at $355/record and $172/record respectfully. Costs associated with data breaches continue to climb yearly, so this Ponemon Institute Study took a look at why exactly this is occurring.
Researchers found three major causes for this hike in costs surrounding data breaches:
- Nearly half of all data breaches are malicious attacks— Forty-eight percent of data breaches for 2016 were criminal and malicious attacks. This type of breach takes the most time to detect and contain, and this extra time devoted to remedying the situation results in a higher cost per record stolen. Since professionals believe it is only a matter of time before your company is hit with a data breach, it is important to prepare for the inevitable attack. By accepting that a breach will occur and creating a plan of action for when it does, you can protect your business from getting hit as hard as it might have been without proper preventative measures put in place.
- Costs surrounding lost business have increased— As with other attacks, when a company faces a data breach, some of their customers will see this as a major fundamental flaw with the company itself and consequently, these enterprises will experience lost business. This is the biggest financial consequence to organizations that have experienced a data breach. Because of this cost being as significant as it is, after a company experiences a data breach, it is essential that they take steps to help retain customers’ trust in order to reduce the long-term financial impact.
- The cost of quality threat detection is growing rapidly— When a data breach is threatening an organization, the company needs to handle the situation as though it is a First 48 investigation–the more time that passes without a solution to the issue, the harder and more costly it becomes to resolve. According to the Ponemon Institute Study, detection and escalation costs have increased each year they have conducted this study, which suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain a breach. Companies who feel as though quality threat detection and escalation are out of reach for them financially can find an external cybersecurity management partner to help protect the organization from attack.
These threats, as well as others, torment businesses year after year, costing them millions upon millions of dollars as well as significant chunks of their time. It is important for businesses to be prepared to prevent each attack as much as they possibly can in order to keep their customers’ trust and reduce the costs surrounding such a devastating event as a cyber attack.
Hailey R. Carlson | Axiom Cyber Solutions | 01/02/2017