Too often, we are so focused on our day-to-day that we neglect to consider the bigger picture. I have been writing about recursive DNS and threat intelligence, Domain Generation Algorithms (DGAs), and DNS-based data exfiltration assuming that the vast majority of readers are familiar with the business impact of malware, ransomware, and phishing. Turns out, that isn't necessarily the case.
So, let's take a step back. What is the business impact of advanced, targeted attacks?
Predictably, there are various ways of assessing the impact of a cyber attack. Some common approaches include looking at the origin of the threat, the moment of detection, the time to remediation, the total cost of the event, and the overall fallout associated with an attack. Essentially, what was the point of compromise, was any proprietary business documentation leaked, was any personally identifiable information (PII) compromised, and did the event damage brand reputation or market value?
The Ponemon Institute is renowned for their research in this field.
One of the reports worth reading is "The Economic Impact of Advanced Persistent Threats". In this report, Ponemon defines an Advanced Persistent Threat (APT) as: "a type of cyber attack designed to evade an organization's present technical and process countermeasures." The authors go on to highlight that "malware is the typical APT attack method. Ninety-three percent of respondents say malware was the source of the attack." Check out my earlier posts on DNS exfiltration and DGAs to understand why malware is so well-equipped to launch these types of attacks.
In their report, Ponemon evaluates the total costs associated with protecting an enterprise and remediating any APTs by looking at four categories:
- Cost of tech support
- Lost productivity
- Lost revenue
- Brand damage
Through surveying 755 U.S. IT and IT security practitioners, Ponemon found that the average total cost of APT-related incidents over a 12 month period equals roughly $18.1 million. Interestingly, the cost associated with damage to brand and reputation is three times that of each of the other more finite categories.
We can look at the business impact of cybercrime through a slightly different lens, this time evaluating the cost of the product of most malware and phishing: a data breach. Generally, those costs are calculated by looking at:
- Customer and crisis management
- Incident response, investigation, and security audits
- Employee turnover and recruiting services for hiring new CISO/security staff (I am not making that last one up...)
- Legal fees, settlements, and regulatory fines
Once again, the Ponemon Institute offers an insightful report on the subject. The "2016 Cost of Data Breach Study: Global Analysis" not only offers a framework on how to assess the costs of a data breach, but also provides concrete numbers based on 383 participating companies. Their data reveals that the average global, total cost of a data breach equals $4 million.
Regardless of which specific method or study you utilize to inform your decisions about cyber attacks, the bottom line is the same: APTs, malware, ransomware, phishing, and data breaches will have a negative economic impact on your business. And the general consensus within the industry is that the cost of cybercrime is not decreasing but increasing, and will be further amplified by charges associated with a growing number of fines, notification requirements, and so on.
As most security professionals now agree that it's not really a question of "if," but "when" you will experience an attack, employing industry benchmarks to evaluate your financial exposure and layered defense to ward off cybercrime simply makes sense.
To learn more about easily and conveniently adding an additional layer of cloud-based security to your enterprise, combining recursive DNS and threat intel, reach out to your Akamai account team or visit https://www.akamai.com/dns.