It was interesting to hear a recent presentation on the result of Verizon’s 10 years of research in to cyber breach reporting. Chris Novak of Verizon’s RISK team recently presented on “the real costs of a security breach”. He described how they had identified how 9 out of 10 breaches fit in to 9 basic patterns.
- Point of Sale (PoS) intrusions
- Payment card skimmers
- Web-App attacks
- Cyber espionage
- DoS attacks
- Insider misuse Physical theft and loss
- Miscellaneous errors
He stated that the top impacts to a business are the legal and investigations costs post a breach, due to the impact of liability determinations. Regulated investigations are the most expensive. So it still stands that the cost of prevention greatly outweighs the cost of managing a breach. He spoke about their efforts to view the costs and the fact that they had to follow the tail, the impact, for years after the breach. Consideration was given to the cost of everything from the technical investigation, the requirement for legal counsel to customer care and external communications. He interestingly spoke about when Verizon go in to a company to assist post breach to speak about the long term remediation, messaging and introduction of future controls, many of the original staff involved had left the company for one reason or another. This is an unexpected impact of the negative way in which the staff involved are tainted following the incident.
It was also interesting to hear their assessment, from real world cases, of how quickly a threat actor took to compromise a victim, “the time to compromise is almost always days or less”. Comparing that in to how quickly the victim identifies the attack, he stated only 15-20% of companies identified the intrusion in “days or less”. The norm was months and up to 7 to 8 months in a lot of cases. It proves the need for proactive capabilities and preventative activity.
Verizon’s Data Breach Investigation Report is a great source of what is happening with online criminality and associated victims.
Xanadata is a data analytics company, specialising in building systems that analyse data at extreme throughputs addressing markets such as cyber security, e-discovery and BI analytics. It develops and builds custom hardware and software to allow organisations to rapidly identify vulnerabilities, threats and risks caused by systems connecting to the Internet.