Report Highlights Costs of Mitigating Top Cyber Threats

Organizations can spend as much as $6,500 an hour to recover from distributed denial of service (DDoS) attacks and $3,000 a day recovering from malware infections, according to a new report from Solutionary.

In its 2013 Global Threat Intelligence Report, Solutionary identified sophisticated malware, DDoS attacks, the bring-your-own-device (BYOD) trend, and Web application security as the top four security issues and threats organizations are concerned about. However, the report didn't stop with just identifying the threats. It also attempted to quantify the costs for mitigating these four threats.

What was clear from the report was that there were significant costs associated with not having, updating, or testing a proper incident response plan.

"Cyber criminals are targeting organizations with advanced threats and attacks designed to siphon off valuable corporate IP and regulated information, deny online services to millions of users and damage brand reputation," Don Gray, chief security strategist for Solutionary, said in a statement.

Organizations that take the time to have a proper incident response plan are more likely to spend less money on incident response when the unthinkable happens, Rob Kraus, director of research at Solutionary, told SecurityWeek.

Solutionary's report is based on real-world cases from its global customer base and reflects actual incidents and expenses, Kraus said. The costs of incident response include hiring third-party consultants and incident response teams, beefing up staff after an attack, and buying new mitigation technologies.

Other figures relating to lost productivity, downtime in the event of a DDoS attack, and lost revenue were not included in the numbers, which means organizations would likely incur even higher costs after a security incident to mitigate the threats.

In the report, Solutionary found that 54 percent of malware samples can get past antivirus and endpoint security tools, and 44 percent of all phishing emails have banking themes. Nearly 45 percent of malware attack attempts target financial customers and 35 percent go after retail customers, Solutionary said. Most of the attacks take the form of phishing emails with malicious links and attachments.

Solutionary also examined the most targeted applications, and concluded Java has now surpassed Adobe PDF as the one under heaviest attack. Nearly 40 percent of all exploits analyzed by Solutionary's team of researchers were based on Java vulnerabilities, Gray told SecurityWeek.

The report also found that United States organizations actually are at greater risk from domestic threats than they are from foreign threats. In fact, 83 percent of attacks against US organizations came from US-based IP addresses, the report found. Around 23 percent of US organizations attacked via US IP addresses were government agencies, the report said.

The shift away from the nation-state narrative runs counter to a lot of the hysteria surrounding Mandiant's report last month detailing attack strategies employed by a group based in China, and allegedly associated with the Chinese military.

To be fair, the second largest source of attacks in Solutionary's report was China, but the country accounts for a mere 6 percent of attacks against US businesses.

The heavy concentration of U.S.-based attack IP addresses may also be tied to the high number of machines infected and unknowingly recruited into a botnet.

Another interesting finding showed that attackers from different countries tended to focus on different industry verticals. Most, or 90 percent, of China-based activity targeted the business services, technology, and financial sectors, while 85 percent of Japan-based attacks were focused on the manufacturing industry, Solutionary found.

Attacks targeting the financial sector appear to have originated "fairly evenly from attackers in many countries across the world," the company said. Attack techniques also varied by country, with Chinese attackers taking advantage of already-compromised devices, and Japanese and Canadian attackers focused on exploiting Web applications. Attacks from Germany generally involved more botnets and command-and-control activity.

"The Solutionary GTIR provides actionable intelligence and strategic recommendations that will allow readers to make smart decisions, strengthen their organizations' cyber defenses and maximize the value of their security programs," Gray said.

The report also offers a Security Self-Assessment, which allows security and risk professionals to rank their cyber-security posture based on multiple criteria. They can use the rankings to determine strengths and weaknesses in the organization's security posture.

A section on "The Future" offers in-depth insights into the global threat landscape and a predictive look at how things will change. This may cover how malware authors will continue to evade anti-virus software, and how exploit kits will evolve.

The "Getting the Most from Threat Intelligence" section arms organizations with details on how to use threat intelligence to make decisions and take actions that will reduce overall security risks.

The full report from Solutionary is available here in PDF format.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.