Cyber Attack Prevention Can Save Businesses Up to $1.4M Per Attack
While that headline sounds great, research from a study by the Ponemon
Institute and Deep Instinct shows that 76% of surveyed security professionals indicate
that cyber attack prevention is too difficult for their organizations to
achieve and instead focus on easier detection and containment efforts
It sounds like a bad joke: Why did the security department give
up on their cyber attack prevention and mitigation efforts? Because
prevention’s too hard to achieve.
Unfortunately, though, this is not just a bad joke. According to research from a new study that was released today by the Ponemon Institute and Deep Instinct, that’s exactly what more than three-quarters of survey respondents said they believe. The unsettling data indicates that 40% they “strongly agree” and another 36% said they “agree” with the statement that “My organization focuses on the detection of cyberattacks because prevention is perceived to be too difficult to achieve.”
We’re not here to argue the psychological semantics of
perception versus reality — but we are saying that this data shows that
perceptions relating to the cybersecurity lifecycle do matter (particularly
where an organization’s resource allocation and budgetary decisions are
concerned).
To better understand the data, we’re going to dive into the
results of this survey, which focuses on the responses to questions relating to
perceptions of the cybersecurity lifecycle and the economic value of prevention
efforts.
Let’s hash it out.
Companies Are Focusing on Response Rather Than Cyber Attack Prevention —
But That’s a Mistake…
The study takes a deep dive into the economic impact of
costs associated with cyber attacks on organizations. But we’ll get more into who
the survey respondents are later — let’s get to the meat of what they were
asked about… The cybersecurity lifecycle itself and the ways that their
organizations prevent cyber attacks.
The lifecycle represents a series of cybersecurity-related
processes an organization goes through when identifying and responding to
virtually any type of cyber attack. So, what are the five phases?
- Prevention — This first step focuses on
stopping malicious threats and classifying threats in real time. This is the
phase where respondents say they feel they’re least effective. Prevention is
the tertiary consideration when it comes to budget allocation within the cyber
security lifecycle (only 21% of the budget). - Detection — This phase focuses on
identifying threats that may already exist within an established IT security
infrastructure. This is also where they place the second highest budget
priority (26%) in terms of the cyber security lifecycle. - Containment — This step kicks in and
outlines how to stop an identified threat from spreading to other systems. This
is where the majority of surveyed organizations say they’re most effective and
successful. It’s also where the focus the majority (29%) of their cyber security
lifecycle budget. - Recovery — This phase focuses on
restoring your IT security infrastructure to its previous condition once the threat
has been contained. - Remediation — This step focuses on
ensuring that the right “everything” in place — the people, processes, and
technologies — to thwart future incidents.
The survey asked participants to estimate the costs associated with five types of attacks — zero-day, phishing, nation-state, ransomware, and spyware — and the percentage of the cost that’s associated with each of those lifecycle phases. For example, their data shows that a single phishing attack could cost an average of $832,500 due to costs associated with detection, containment, recovery, and remediation efforts. But if an organization was able to prevent the attack in the first place, they could save $682,650 of those total costs!
Why only 82% — wouldn’t it prevent 100% of the costs of a
cyber attack? Well, no. That’s because there are costs associated with cyber
attack prevention initiatives in terms of the human and technological resources
that are involved.
So, ask yourself: If there is a chance that you could potentially
save your organization 82% of the costs it could face by preventing an attack from
happening in the first place, would you put the necessary resources in place to
do it? Where do you and your organization stand on this particular issue — are
you in the camp that supports focusing more of your efforts on prevention, or
do you believe more resources should be dedicated to detection and containment?
The Key Takeaway from the Survey: Put More Resources Into Cyber Attack
Prevention
Unsurprisingly, the survey finds that preventing attacks
from causing damage not only protects an organization’s reputation, but it also
saves them time, resources, and money. That seems like pretty common sense
to me. But what was surprising was the weight given to perceptions
surrounding the topics of cyber attack detection and prevention. Herein lies
the issue.
As we mentioned earlier, the majority of survey respondents’
cybersecurity resources appear to be devoted significantly more to responding
to threats (containment) than stopping them from occurring in the first place
(prevention). In fact, only 24% say that they focus on optimizing their
prevention capabilities!
But what leads to such a big discrepancy in priorities?
Dr. Larry Ponemon, the chairman
and founder of the Ponemon Institute, was quoted in the press release as saying
that the reason seems to boil down to perceptions of accountability:
“This study shows that the majority of companies are more effective at containing cyberattacks after they happen because it is perceived to be more accountable. This explains why cybersecurity budgets focus on containing attacks rather than preventing them, as well as the increased rate of breaches despite investments in cybersecurity solutions.
Prevention of cyberattacks is perceived to be too difficult, but as companies continue to suffer revenue losses due to cyber breaches, we expect budgets to start allocating increased resources to preventative solutions given the amount of money they save.”
If you
want to ensure that your budget money is best spent, then it’s imperative for
businesses and organizations to dedicate more of their moolah to cyber attack
prevention initiatives, personnel resources, and technologies. But even with
increased resources, that doesn’t mean that your cyber security prevention efforts
will be without challenges.
The Challenges of Preventing Cyber Attacks on Businesses
When it comes to figuring out how to prevent a cyber attack, it’s all about identifying and stopping any type of malicious threat in real time, regardless of the types of files that are used in the attack or if it’s a zero-footprint attack (one that lacks files).
The five
types of cyber attacks we mentioned earlier — zero-day, phishing nation-state,
ransomware, and spyware — were among those that the survey respondents found
very difficult to prevent. According to the research, a few reasons really
stand out about why almost 80% of the survey respondents feel like preventing
these types of cyber attacks is too difficult:
- Their detection capabilities
are lacking. By the time they recognize
that an attack is taking place — whether it’s because of difficulties arising
with detecting threats in various file types or due to a lack of real-time data
— it’s already too late. - There aren’t enough
resources allocated to prevention. Simply
put, they lack the necessary resources to prevent cyber attacks in terms of
budgets, personnel, and expertise. In fact, only 40% of the practitioners who
responded to the survey think their organization’s budgets are enough to create
a strong cyber security posture. - Current technologies
can’t handle modern attacks. Whether it’s a
matter of using outdated tech, tools that are too complex, or simply not having
enough solutions at their disposal, these experts feel like they can’t prevent
attacks in real time with their existing tech resources. - Advanced
technologies aren’t perceived as real solutions. As one of their three answers to a question about the
challenges of deploying AI-based tech, half of the survey respondents indicate
that adopting such solutions would meet internal resistance because people think
its benefits aren’t real or are highly exaggerated.
So, even
if it is harder and more challenging to prevent attacks than to detect and
contain them, it’s still worth the effort to do what you can to prevent them
from happening. Having the right tools and technologies in place is especially
useful and is among the best ways to prevent cyber attacks. Using encryption
and authentication technologies, in addition to automation and AI, is
definitely one of the best approaches and should be part of a larger cyber
attack prevention strategy.
How PKI and Digital Certificates Help with Cyber Attack Prevention
Something that always interests us in these types of
articles is where public key infrastructure (PKI) and encryption fall within
the purview of necessity.
On a scale of 1-5, with 5 meaning very high impact and 1 meaning very low impact, public key infrastructure (PKI) has an impact score of 3.9 in terms of how well it helps to prevent cyber attacks. This tied PKI with privileged access management (PAM). This is behind only a few others:
- Intrusion detection / prevention (4.6)
- Incident & event management (SIEM) (4.4)
- Network traffic intelligence (4.2)
- User behavior activity monitoring (4.1)
- Access governance systems (4.1)
This means that while PKI isn’t the top contributing
factor, it is one of the most valuable technologies that organizations are
putting to use. Although this is something we already knew in terms of the
importance of PKI, it’s nice to see what we proclaim being validated by other
reputable organizations.
Digital certificate management also made the list
with an impact rating of 3.6. We’ll get more to the importance of that
momentary. But, first, let’s keep going with the benefits of having a
well-established PKI and how it helps you prevent cybersecurity attacks.
Why PKI Is Useful in Preventing Cyber Attacks
Public key infrastructure is the framework, technologies,
processes, and other integral components that are required for issuing, using,
and managing public key encryption certificates. This infrastructure involves
web browsers, certificate authorities (CAs), X.509 digital certificates, and their
public/private keys.
But how does PKI play a role in preventing cyber attacks? Public
key encryption does two things exceptionally well:
- It keeps bad guys out of your networks with
certificate-based authentication. (It’s a lot easier for hackers to steal a password
than it is for them to steal a certificate and private key!) - It protects your data so hackers can’t mess with
it (for example, to inject malware) or steal it. (This protects the integrity
of your data.)
Digital Certificates Enable Organizations to Encrypt and Protect Files
When asked which types of solutions they currently use to
prevent cyber attacks, encryption is one of the top solutions listed.
Encryption is important and is already in use in various ways in many
businesses around the globe. For example, data in transit encryption is used on
many businesses’ website servers. Some businesses also use encryption to secure
their IoT devices, email servers, and the email communications of specific
users. However, it doesn’t appear to be as widespread as we’d like yet in terms
of protecting mobile devices.
The survey data indicates that only 39% of organizations
reportedly take steps to protect data on employees’ mobile devices. Of those
respondents, 41% say their organizations use data in transit and at rest
encryption to secure data both while it is stored and being transmitted.
This is definitely an area that can use some improvement.
This is especially true considering that the survey respondents also indicate
that more than half (54%) say their organizations allow them to use their
personal mobile devices in the workplace and 41% say they use the devices for
work purposes.
Email Security
When talking about email security, phishing is a major
concern for every business. All it takes it for one email to be successful for
all of your good intentions, resources, and hard work to go out the window.
The FBI’s 2019 Internet Crime Report also indicates that email is among the most common entry points for fraud. According to the Ponemon/Deep Instinct survey, 79% of the respondents indicate that their organizations experienced at least one phishing attack. Of those, only 18% said that they were able to prevent them.
Of course, this is where cyber awareness training and the
use of digital signatures can really have an impact. For example, if your
employees are aware of the threats that exist with regard to phishing emails
and social engineering attacks, they’ll be less likely to fall for those types
of scams.
However, if their organizations also implement the use of
digital signatures via email signing certificates, it could help email
recipients more easily verify whether an email came from a legitimate person or
an imposter.
Digital Certificate Management
Managing your digital certificates is a critical task that
must be done effectively. This means that you need to have strong visibility
within your network and IT infrastructure to know what you have and whether
it’s protected. Having unknown certificates (shadow IT) and expired
certificates can lead to a variety of costly headaches for your team and your
organization as a whole.
For example, outages that result from certificate expirations can cost organizations more than $11.1 million, according to research from another Ponemon Institute report (sponsored by KeyFactor). Some of the resulting issues include:
- Website or service downtime/outages (which
displays that ugly “Not Secure” warning) - Lost sales and revenue
- Reputational damage and customer loss
- Non-compliance penalties
So, how do you manage all of these certificates to ensure
that this doesn’t happen at your organization? And what other solutions can you
use to streamline your cyber security efforts and prevent cyber attacks?
The Answer Lies with Automation and the Use of Other Advanced Technologies
More than two-thirds (67%) of the survey’s respondents believe that automation, artificial intelligence (AI), and other advanced technologies can help to prevent cyber attacks. This makes sense in many ways — computers are capable of scanning and analyzing logs and records faster than any human would ever be capable of doing. Furthermore, humans are more likely to make errors than machines and may forget to perform essential tasks.
The use of AI and machine learning-based solutions isn’t
about machines replacing humans. It’s about augmenting our practitioners’
capabilities and reducing some of the strain that’s placed upon them each day.
Part of this involves removing menial tasks from their workload that can be
automated. Another part is taking advantage of the vast processing and
analytical capabilities of AI to teach it to identify and recognize threats and
attacks more quickly — even those that have before been seen.
So, what are some of the reasons why
automation and learning-based solutions should be implemented?
- To ensure that basic yet critical tasks are
completed. - To enable your team to focus on higher-level
priorities and functions. - To improve the efficiency of your IT and
cybersecurity teams and give them peace of mind. - To increase visibility within your network and
systems. - To ensure that expiring certificates are renewed
prior to expiration. - To ensure compliance with various cyber security
laws and regulations - To decrease false positives.
- To Improve threat and attack detection rates,
- To improve an organization’s ability to prevent
unknown, zero-day attacks.
Manage Digital Certificates like a Boss
14 Certificate Management Best Practices to keep your organization running, secure and fully-compliant.
Breaking Down the Research Survey: A Look at the Respondents
The survey focuses on the responses of more than 634
cybersecurity and IT professionals to questions relating to the following five overarching
phases of the cybersecurity lifecycle. Of those respondents, 24% were IT
management professionals and 18% work in the financial services sector.
Summary: Organizations Can Save a Lot by Using Proven Attack Prevention
Tactics
This study highlights a key opportunity for
cybersecurity-savvy companies. By focusing more of their budget and resources
on cyber attack prevention, they can save significant costs, while protecting
their reputation and business. Key attack prevention tactics include (but are
not limited to):
- Using PKI for authentication and encryption
- Implementing automation where practical
- Using automated digital certificate management
systems
*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Casey Crane. Read the original post at: https://www.thesslstore.com/blog/cyber-attack-prevention-can-save-businesses-up-to-1-4m-per-attack/
