How Big is Your Attack Surface?
How Big is Your Attack Surface?

The Ponemon Institute, on behalf of HP, released the 2015 Cost of Cyber Crime Study, which seeks to understand which cyber attacks are most common and most costly and which defences are most effective. Central to this year’s report is an awareness of the growing attack surface for cyber criminals to exploit, brought on by mobile and the cloud.

The study looked at data from 252 companies in 7 countries. More than 2000 interviews and nearly 2000 attacks were used to measure total costs. However, the costs did not include expenditures to improve security nor compliance associated costs.

Not surprisingly, this year’s study found that the cost of cyber crime is rising. The average cost of cyber crime per company is up to $7.7 million, from $7.6 million last year. This is a global figure, with the US sample reporting the highest total average cost at $15 million. The greatest total annualized cost of cyber crime in 2015 was $65 million, with the lowest costing over $300,000. The number of successful cyber attacks is also increasing, up 46% over the past 4 years. Worse yet, each incident is taking longer to resolve. It now takes an average of 26 days to resolve a cyber attack incident, up from 14 days in 2010.

What Are the Most Costly Kinds of Attacks?

The report found that attacks from malicious insiders can rack up a cost of $145,000. Next in line were denial of service, web-based, phishing, social engineering, and malicious code. In order to bring these costs down, organizations must fight back with a combination of tactics, including:

  1. Resolve attacks more quickly by implementing solutions to detect and resolve attacks
  2. Reduce the number of attacks using a combination of governance and better intrusion prevention systems
  3. Minimize the damage by protecting data with encryption and focusing on application security

Executive support for data security is now recognized as a key differentiator when it comes to setting a strong security posture. As the 2015 Cost of Cyber Crime Study notes, pairing a strong security culture with processes, awareness, policies and technology, the costs associated with cyber crime can greatly be reduced.

Endpoint devices are currently responsible for expanding the attack surface for cyber crime, but with strong endpoint security from Absolute DDS, you can regain the visibility you need to assess risk and apply remote security measures, often automated. In the event of a security incident, you have the visibility you need to prove that compromised devices were properly secured (encryption status), not accessed and safely deleted. Learn more here.


Arieanna Schweber

Arieanna Schweber has been a part of the Absolute writing team since 2007. Arieanna was Canada’s first female professional blogger and has been professionally blogging since 2006 and has spoken at leading blogging conferences including BlogHer and Northern Voice. Arieanna has a joint degree in Business and Communications from Simon Fraser University and continues to build communities for Vancouver-based clients.