The Ponemon Institute 2015 Cost of Cyber Crime Report, which cites that the average cost of a cyber attack is $12.7 million, up from $11.6M in 2014, prompted experts from STEALTHbits to comment on these costs and the resolution times that often drive them up.
"Internal threats are likely to have been running for extended periods of time before detection and that none of the technology solutions highlighted in the report should be positioned as allowing an organization to understand what malicious activity took place prior to being detected (at which point monitoring and/or blocking becomes an option),” said John Marshall, VP of Technical Services, STEALTHbits. “Therefore, the assumption would be that the costs of insider threats will be significantly under-estimated," he added.
Jeff Hill, Channel Marketing Manager at STEALTHbits is no stranger to helping partners help their customers overcome the challenges related to breach response. "The report highlights the direct relationship between the overall cost of a breach, and the time it takes to detect and stop them,” said Hill. “The longer the attack is active and undetected, the higher the cost to the organization. And which attacks are most difficult to discover? Malicious insiders, which take, on average, over 54 days to resolve, timeframes that dwarf conventional threats like malware (less than 6 days),” he added.
STEALTHbits Technologies' access management solutions are used by public & private sector enterprises to block malicious access to unstructured data such as email, file systems, presentations, etc. (≈ 80% of organizational data). By ensuring that only the right people can access large, highly-sensitive data pools, STEALTHbits helps customers cut risks and operational expenses, and fulfill compliance requirements.
“Whether it be an actual disgruntled employee, or an external attacker compromising legitimate credentials, the most effective attacks – and those most difficult to detect – are the ones that abuse legitimate credentials,” noted Hill. “Detecting these ‘authentication-based’ attacks early is arguably the preeminent challenge facing security professionals today."
Read the report (registration required)