Wednesday, 28 August 2019 02:06

Internet Society weighs up the cost to business of cyber security breaches

Image: Stuart Miles, FreeDigitalPhotos.net

The financial impact of ransomware rose by 60% in 2018, losses from business email compromise (BEC) doubled, cryptojacking incidents - the unauthorised use of others’ computing resources to conduct cryptomining - more than tripled, and there continued to be a steady stream of high-profile data breaches, according to a report from the Internet Society’s Online Trust Alliance.

Describing the report’s statistics as “Some Better, Some Worse, All Bad Looking”, the Society says “it might seem that 2018 finally brought some cyber incident relief” – the number of data breaches and exposed records were down, and both ransomware and DDoS attacks were down overall.

According to the Society it is difficult to get a complete, accurate picture of the overall cyber incident landscape.

“In tracking cyber incidents, many key data “pieces” exist, but are limited for a variety of reasons – they often represent only one vendor’s view of their user base, they are typically regional and not global, it is easier to measure attacks than measure which are successful, there is a lack of consolidated reporting mechanisms, and finally, it is still the case that most incidents go unreported,” the Society observes.

“In this context, the approach taken in this year’s report is to lay out the various key statistics and trends across the types of cyber incidents, but not come to a definitive conclusion regarding a precise number of incidents. As in prior years, the report will still outline threat trends and how to address them.

“There are several organisations that track data breaches, mostly relying on public reports, though the results vary widely due to different methodologies. Risk Based Security reports the highest number at 6,515 breaches and 5 billion exposed records, both down from 2017."

Identity Theft Resource Center also reports on breaches, finding 1,244 in 2018 with approximately 2 billion exposed records – the number of breaches is down from 2017 while the number of sensitive records exposed (447 million) is up significantly.

Privacy Rights Clearinghouse reported 635 breaches and 1.4 billion exposed records in 2018, both down from 2017.

Though these reports do include some international breaches, they do not cover all breaches worldwide, as shown in DLA Piper’s GDPR Data Breach Survey, which surveyed data protection authorities in the EU and found 59,000 reported breaches just between May and December 2018.

2018 Incident Highlights
95% of breaches could have been prevented (ISOC)
3.2% decrease in reported breach incidents (RBS)
5 billion records exposed, a 35.9% decrease (RBS)
$8 billion financial impact of ransomware (CV)
12% rise in business targeted ransomware (Symantec)
$12.5 billion in global EAC/BEC losses since 2013 (FBI) worldwide estimates.

In 2018 there certainly were many high-volume (and therefore high-profile) breaches – a dozen exposed more than 100 million records – and they can be instructive from both a trend and lessons learned standpoint. The largest breach, which involved 1.1 billion records of Aadhaar, India’s national ID database, happened early in the year and was attributed to an unsecured API.

The Marriott/Starwood breach impacted 383 million people. In retrospect it was clear that attackers had been in the Starwood network since 2014 (pre-Marriott acquisition), and would have been detected by routine network checks, thus highlighting the need to perform regular security checks and due diligence.

Under Armour had a breach of 150 million MyFitnessPal records and was lauded for its rapid and thorough response, though it was revealed that some passwords were hashed using the weak SHA-1 algorithm.

“Looking across the cyber incident landscape, a rough estimate of the overall volume can be calculated.

“The lead categories are cryptojacking (1.3 million) and ransomware (500,000), followed by breaches (60,000), supply chain (at least 60,000 infected websites), and BEC/EAC (20,000).

“Credential stuffing and DDoS attack success rates are more difficult to determine, though there are significant known successes for both.

“Adding it all up, the Internet Society’s Online Trust Alliance estimates that there were more than 2 million cyber incidents in 2018, and it is likely that even this number significantly underestimates the actual problem.

“The financial impact across all these types of incidents is also difficult to determine. While some have definitive reports (BEC/EAC at $1.2 billion in 2018) or strong estimates (ransomware at $8 billion, credential stuffing at $5 billion), others have more general estimates (average cost of data breach grew to $3.86 million according to Ponemon Institute, average cost of $222,000 per successful DDoS attack), and some are undetermined (cryptojacking, formjacking).

“Even using these loose estimates, it is easy to justify a total impact of more than $45 billion in 2018.

“All of this begs the question - are things getting better or worse? The answer is “both” – as some types of attacks wane, others rise. What is very clear is that there are too many cyber incidents creating an unacceptable level of financial impact,” the Society concludes.


Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).
