March 2019, Accenture jointly issued the ninth Ponemon Cost of cybercrime investigation report (Ninth Annual Cost of Cybercrime Study). The report for 2647 conducted an investigation executives of 355 companies from 16 industries in 11 countries (both developed economies, excluding China), the results show that with the attack | hit more targets and more, the increasing influence, attack | strike means more and more advanced, security breaches continues to rise, despite the organization's security investment are growing, but its deal with network attack | against crime costs (cost here can also be called costs, overhead) is still rising, estimated to be worth US $ 5.2 trillion from the 5-year risk of 2019 to 2023. Report by the cost calculation model to quantify, for a variety of attack | hit on the type of project costs were quantified analysis reveals three fast path to reduce the cost of cyber crime, namely: priority to curb people-based attack | hit (mainly fishing) strengthen the protection of information (mainly data security), high return on investment of those technologies (including intelligence, ML, IAM, behavioral analysis, etc.).
The following further analysis:
An increase from the figure shows that the average annual organizational security breaches from 2017 from 130 to 145 since 2018, an increase of 11% over the past five years, a total increase of 67%.
Note that the definition of security breach in this report, unlike DBIR or define the SANS, the security breach refers to this successful network attack | hit (including industrial control systems for attack | hit). breach here is not equal to the general data breach discussion, not entirely equal incident. According to my understanding, security breach> security incident> (data) breach.
There is also a figure above data, that is, only 16% said they CISO network security audit of personnel, and people report that is currently the weakest link in security. Similarly, in Ernst & Young's 21st Global Information Security Survey report , the organization is also the greatest weakness as a person, and further reveals the fishing attack is closely related to people's safety awareness | strike is the biggest threat to the network.
Ponemon calculation model based on the report drawn bring the average cost of cybercrime in 2018 reached $ 13 million, an increase of 12 percent over the previous year, as follows:
Further according to different industry segments for analysis, it can be found cost (loss) relative to the largest banking network to bring crime. As shown below:
From the attack | strike means point of view, the maximum loss caused by malicious software, lost growth extortion and malicious software caused by internal users the fastest. As shown below:
Further analysis of each attack | the impact of the costs of different means of attack caused by caused by distribution, as shown below:
As can be seen, for malicious software, web attack | strike, malicious code, the most important impact is the loss of information (ie information leakage losses caused); for DoS biggest impact in terms of business apparently interrupted. Overall, the biggest loss comes from loss of information.
The costs of organizing the different stages in order to combat cybercrime investment point of view, 36% of the cost spent on the discovery of attack | on strike, 22% of the cost of the survey, 24% of the cost containment and cost recovery of 18% As shown below:
The report further pointed out that the attack found | blow to the cause of rising cost, including extensive use of various security technologies, such as SIEM, DLP, NGFW, IDPS, UTM, etc., as well as hiring the relevant personnel. Investigate the cause of the decline in spending that forensic analysis and threat of use of hunting tools, to enhance the efficiency of the investigation, in addition, cloud services also greatly enhance the efficiency of the investigation and containment. The reason to curb the rising cost mainly against the threat of increased complexity, and compliance requirements lead. Decline in spending is mainly due to the repair of the use of choreography and automation technology.
The most interesting is the view of the role of different security technologies played by the analysis, as shown below:
From the chart, we can easily find, share security intelligence and threat is the most cost technical means against cybercrime, while the technology adopters accounted for 67% of all respondents. The next most effective technology is automated, AI and machine learning techniques, and then again followed by senior IAM, network and user behavior analysis, encryption technology, GRC, automated policy management, DLP.
Even more interesting is advanced border control technology, the report notes that respondents to the average investment in technology reached $ 1.4 million, but the benefits are negative. I understand that this is not to say that the technique does not work, and in fact still very important foundation. But description, we have to control the balance at the boundary between the block and the investment proportion detection and response, more efficient portfolio.
The figure below shows the analysis of 2017 :
Compared with the findings of the year 2017, the first four efficient security technology is basically the same.
Report gives an unlocked (lift) network security value of three steps:
1) priority to prevent human-based attack | blow. Audit of people is critical, training and education are essential personnel to third parties and partners also included in the scope of security management.
2) focus limit information disclosure and business interruption losses. Reliable information protection is a core business practice, to use data-centric security methodology, using DLP and encryption technologies to enhance measure of security.
3) focus on emerging security technologies, flexible investment and efficient use of security technologies mentioned above.
Finally, the report provides cybercrime costing model Ponemon design, as shown below, with the 2017 model is slightly different.
【reference】
Accenture: 2017 Cybercrime cost studies (including analysis )
Ernst & Young: 21 Global Information Security Survey (2018 - 2019)
Ernst & Young: 20th Global Information Security Survey (2017 - 2018)
Ernst & Young: 19th Annual Global Information Security Survey
PricewaterhouseCoopers: 2018 Global Information Security Survey Analysis Report
Deloitte 2010 Financial Institutions Security Intelligence Report, please add a link description