The Ponemon Institute’s 2012 Cost of Cyber Crime Study sponsored by HP has just been released with some very interesting data. The increasing costs found in this study would argue for additional protections beyond what most organizations are using.
Here are some summary points from the study:
- 6% increase of costs over 2011
- 42% increase in the number of cyberattacks with organizations experiencing an average of 102 successful attacks per week
- Information theft accounts for 44 percent of external costs up 4 percent from 2011
- 78% of costs come from malicious code, denial of service, stolen or hijacked devices, and malicious insiders
- Disruption to business or lost productivity accounted for 30 percent of external costs
- Average time to resolve a cyberattack is 24 days with the average cost incurred at $591,780
- Recovery and detection were the highest internal costs
Research from the Ponemon Institute confirms the need for improved security. Organizations are being bombarded with cyberattacks yet continue to spend the majority of their internal costs on recovery and detection, but a new paradigm is needed: prevention.
Arellia continues to promote proactive measures as an additional, more effective method of securing information systems. With two of the four cybercrime activities, Arellia recommends:
- Malicious code – move beyond signature based technologies and consider adding privilege management and whitelisting
- Malicious insiders – don’t give end users administrator rights and audit IT administrators usage of administrator accounts
Prevention of one cyberattack would pay for the software, services, and personnel costs associated with deploying privilege management, whitelisting, and administrator account management solutions. It is time for better risk mitigation.
About Arellia: Arellia provides solutions for privilege management, application whitelisting, securing local administrator accounts, and compliance remediation. Arellia products are integrated with the Symantec Management Platform and sold through Symantec.