Thales Blog

Enterprise Wake-Up Call – Cost Of Cyber Crime Is Up And Preventive Measures Save Money

October 22, 2013

Andy Kicklighter | Director of Product Marketing

Have you had a look yet at the latest “Cost of Cyber Crime Study” from HP and Ponemon? If you are an enterprise with 1000 or more employees the numbers are sobering. For the organizations sampled, each averaged two attacks per week during the benchmark period for the study. The top two attacks? 1) 100% viruses, worms, trojans 2) 97% Malware. Costs of these attacks were up 26% to an annualized cost of $11.56 million per year.

Which protections were the best for the money? Security Intelligence Systems ($4M saved) and Access Governance ($2M saved). It’s no surprise that these map directly to core features of Vormetric products – access control to data protected with encryption, and security intelligence information to “feed” into a Security Information and Event Management (SIEM) system. Once there, the information is used to recognize compromised accounts and abnormal access behavior that may indicate a threat.

But there’s more – Highest estimated ROI?  Security Intelligence systems (21%) and extensive deployment of encryption technologies (18%).  Again … right where Vormetric is strongest.

If you are wondering why this is, think for a minute about what “the bad guys at the door” (or already inside your walls) are looking for – financial information, health care data (both of which directly translate to money on markets for stolen information) and critical IP. They are looking for “data”. Other studies (like the Mandiant Report) point out that successful intrusions tend to be sticky, re-infecting even once the initial intrusion is removed, and remain on the network for a long period of time (234 days). Under these circumstances, it’s time to think about a change in security posture that adds better data protection than you’d consider for compliance reasons only.

I’ve lost count of the number of customers I’ve spoken to who only implement data security protections because of compliance or legal governance reasons, and only for specific projects around these areas. This ignores some critical facts – once an attack has compromised enough credentials, getting deep access to enough systems and applications, compliance-level-only protection won’t safeguard the data. Additional access controls and access pattern information around your data are just as important to safeguarding your organization.

Look at the numbers.   The stakes are higher than your next compliance audit.