Survey highlights economics behind cyberattacks

0

KUCHING: As computing costs have declined, so too have the costs for cyber adversaries to infiltrate an organisation, contributing to the growing volume of threats and data breaches.

This follows Palo Alto Networks announcing the results of a survey sponsored by the company to explore the economics of cyberattacks.

It found that 72 per cent of survey respondents said they won’t waste time on an attack that will not quickly yield high-value information and that a majority of the survey’s respondents (73 per cent) stated attackers hunt for easy, ‘cheap’ targets.

It also noted that an increase of approximately 40 hours in the time required to conduct successful cyberattacks can eliminate as much as 60 per cent of all attacks as on average, a technically proficient attacker will quit an attack and move on to another target after spending approximately a week (209 hours) without success.

The average adversary earns less than US$30,000 annually from their malicious activities, which is 1/4 of a cybersecurity professional’s average yearly wage.

Adding to that, it takes double the amount of time (147 hours) for a technically proficient cyberattacker to plan and execute an attack against an organisation with an ‘excellent’ IT security infrastructure versus 70 hours for ‘typical’ security.

72 per cent of respondents believe attackers will stop their efforts when an organisation presents a strong defense.

“As computing costs have declined, so too have the costs for cyber adversaries to infiltrate an organisation, contributing to the growing volume of threats and data breaches.

“Understanding the costs, motivations, payouts, and finding ways to flip the cost scenario will be instrumental in reducing the number of breaches we read about almost daily and restoring trust in our digital age,” said Davis Hake, director of cybersecurity strategy at Palo Alto Networks.

“The survey illustrates the importance of threat prevention.

“By adopting next-generation security technologies and a breach prevention philosophy, organizations can lower the return on investment an adversary can expect from a cyberattack by such a degree that they abandon the attack before it’s completed,” added Larry Ponemon, chairman and founder, Ponemon Institute.