Monday, October 15, 2012

Cyber Protection Isn't a "Mission: Impossible"

Image courtesy of trick77/www.flickr.com

Warning. This blog will self destruct in 30 seconds.

For someone in my generation (I'm 43), cyber security wasn't exactly something that was taught in business school.

How times have changed.

Just about any business has at least one computer. And even if they don't, things like credit card processing machines and computerized cash registers can be compromised.

Whether you know it or not, you are at risk for cybercrime, and it will cost you in the end.

In July of 2009, ArcSight (an HP company) and Ponemon Institute released their First Annual Cost of Cyber Crime Study.

According to the study, which involved interviews with the data protection and IT security practitioners in 45 US organizations, cyber crime is common, intrusive, and can have a significant impact on an organization’s bottom line. Over a four-week period, the 45 organizations surveyed in the study experienced 50 successful attacks per week, or more than one successful attack per organization per week. This resulted in a median annualized cost of $3.8 million per organization per year, with costs for the complete benchmark sample ranging from $1 million to nearly $52 million.

“Every corporation is vulnerable to thousands of cyber attacks that occur daily across all industries, causing information theft, disruption to business operations and serious financial loss,” said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute.

Additional key findings of the study include:

  • The most costly cyber crimes are those caused by web attacks, malicious code and malicious insiders, which account for more than 90% of all cyber crime costs per organization on an annual basis.
  • Cyber attacks can be costly if not resolved quickly. In the sample, malicious insider attacks took up to 42 days or more to resolve, with the average cost to an organization of nearly $18,000 per day.
  • Detection and recovery are the most costly internal activities. On an annualized basis, detection and recovery combined account for 46% of the total internal activity cost, with labor representing the majority of these costs.

Scary figures, but it is the world we live (and run businesses) in today. What's a company to do? Here are a few links that can help.

  • US-CERT United States Computer Emergency Readiness Team
    "US-CERT is charged with providing response support and defense against cyber attacks for the Federal Civil Executive Branch (.gov) and information sharing and collaboration with state and local government, industry and international partners."
  • Cybercrime
    A clearinghouse of cybercrime information and resources. There are legal and policy issues, the federal code as it relates to this subject, telephone numbers to report the different types of computer crimes, a section for children, and more.
  • Federal Bureau of Investigation: Cyber Investigations
    Website for this Federal Bureau of Investigation (FBI) division whose initiatives center on computer intrusions, online sexual predators and child pornography, anti-piracy and intellectual property rights, and organized crime involving Internet fraud.
  • Internet Crime Complaint Center (IC3)
    The "IC3's mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime."
  • CSO, Security and Risk
  • Threatpost
    A security news site. 

Thank you to Bellevue University for the links.
 

It's no longer a matter of “if” you get attacked, but “when.” Will you (and your company) be ready?

Until Next Time...
