Story image

Behind the scenes of cyber crime

02 Feb 16

Have you ever wanted to know how much a cyberattacker makes, the amount of time attacks take, and how to prevent data breaches?

Palo Alto Networks, the next-generation security company, completed a survey to explore the economics of cyberattacks.

The survey provided insight into a number of topics surrounding cyber crime, criminals and preventative measures.

Davis Hake, Palo Alto Networks director of cybersecurity strategy, says, "As computing costs have declined, so too have the costs for cyber adversaries to infiltrate an organisation, contributing to the growing volume of threats and data breaches. 

“Understanding the costs, motivations, payouts, and finding ways to flip the cost scenario will be instrumental in reducing the number of breaches we read about almost daily and restoring trust in our digital age.” 

Here are some key findings from Palo Alto:

Cyberattackers are opportunistic and aim for the easiest targets first

According to the survey, 72% of criminals won't waste time on an attack that will not quickly yield high-value information.

A majority of the survey's respondents (73%) stated attackers hunt for easy, ‘cheap’ targets.

Time is the enemy of cyberattackers

An increase of approximately two days (40 hours) in the time required to conduct successful cyberattacks can eliminate as much as 60% of all attacks.

On average, a technically proficient attacker will quit an attack and move on to another target after spending approximately a week (209 hours) without success.

The ‘big payday’ is a myth.

The average adversary earns less than $30,000 annually from their malicious activities, which is 1/4 of a cybersecurity professional's average yearly wage, according to the survey.

A strong security posture increases the time to execute an attack

It takes double the amount of time (147 hours) for a technically proficient cyberattacker to plan and execute an attack against an organisation with an ‘excellent’ IT security infrastructure versus 70 hours for ‘typical’ security.

Furthermore, 72% of respondents believe attackers will stop their efforts when an organisation presents a strong defence.

"The survey illustrates the importance of threat prevention," says Dr. Larry Ponemon, Ponemon Institute chairman and founder.

"By adopting next-generation security technologies and a breach prevention philosophy, organisations can lower the return on investment an adversary can expect from a cyberattack by such a degree that they abandon the attack before it's completed,” he says. 

Palo Alto Networks has made three key recommendations:

Make yourself a ‘hard target’

Adopting a security posture with a breach prevention-first mindset, instead of a detection and incident response approach, can slow down cyberattackers enough for them to abandon the attack in favour of an easier target, the company says.

Invest in next-generation capabilities

Legacy point products present little deterrence to attackers. The use of next-generation security capabilities that automate preventive action and don't rely on signatures alone or static defences are the best defence against today's advanced cyberthreats, according to Palo Alto.

Turn your network visibility into actionable intelligence

A prevention-focused security posture relies on natively integrated technologies like next-generation firewalls, network intelligence, and threat information sharing.

This provides defenders with a clearer picture of what is happening inside their network, versus a confusing collection of uncorrelated point products, Palo Alto Networks says.

HPE promotes 'circular economy' for end-of-use tech
HPE is planning to show businesses worldwide that throwing old tech and assets into landfill is not the best option when it comes to end-of-use disposal.
This could be the future of ridesharing
When you hear the words ‘driverless vehicle technology’, the company Bosch may not immediately spring to mind.
2019 threat landscape predictions - Proofpoint
Proofpoint researchers have looked ahead at the trends and events likely to shape the threat landscape in the year to come.
InternetNZ welcomes Govt's 99.8% broadband coverage plan
The additional coverage will roll out over the next four years as part of the Rural Broadband Initiative phase two/Mobile Black Spots Fund (RBI2/MBSF) programme expansion.
Commerce Commission report shows fibre is hot on the heels of copper
The report shows that as of 30 September 2018 there were 668,850 households and businesses connected to fibre, an increase of 45% from 2017.
Dr Ryan Ko steps down as head of Cybersecurity Researchers of Waikato
Dr Ko is off to Australia to become the University of Queensland’s UQ Cyber Security chair and director.
Businesses in APAC are ahead of the global digital transformation game
“And it’s more about people and culture - about change management - along with investing in the technology.”
HubSpot announces fund for 'customer first' startups
HubSpot is pouring US$30 million (NZ$40 million) into a new fund to support startups that demonstrate ‘customer first’ approach of not only growing bigger, but growing better.