Security Breaches from the Attacker’s POV: What You Need to Know
IT security pros: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Sun Tzu wrote that in “The Art of
War.” Even though he didn’t have corporate digital security in mind when he did, it’s still a quote that should ring true in the fight against hackers and cyber crooks. After all, the better the security team understands those on the other side, the better prepared it will be to efficiently repel intrusions.
That’s the kind of insight found in “Flipping the Economics of Attacks,” a new study released by the Ponemon Institute. This study compiled the expertise of IT security insiders across multiple countries to formulate a look at attacks from the hacker point of view. Here are four things businesses should know about attacks and attackers.
#1 – Who They Are
If a company knew exactly who was attacking it, stopping that attack should become pretty easy. While Ponemon can’t provide the names/faces of all suspected cyber crooks, what it can do is give companies a look into the personalities and goals of attackers.
For instance, the study found:
- An average of 69% of respondents said hackers were motivated strictly by the money involved in a successful cyber attack
- 72% of respondents described hackers as opportunistic when it comes to choosing their targets. Most would rather go after a weaker target then one that was hardened and ready for an attack
- 69% of respondents said hackers would call off an attack should a target present too strong of a defensive front
- While some attackers do score big paydays, the typical earnings of attackers can be quite humble. Hackers earn an average of $28,744 per year for their devious efforts
#2 – Cost & Time
Security and IT pros work long hours ensuring their systems are ready should attackers come knocking. Unfortunately for IT pros hoping attackers at least feel their pain in this regard, it turns out the average hacker has an enviable work-life balance. The study found that the typical hacker spends roughly 705 hours per year preparing and launching attacks, or a little over 13 hours per week. It’s safe to assume that’s far less than the time security pros are spending to keep them out.
This study also found the time and financial investments needed to execute an attack were shrinking. It showed:
- 53% surveyed said it costs less to launch a successful attack
- 53% said the time spent planning and executing an attack dropped
Those who believe the time spent planning and executing attacks has gone down believe it’s due to:
- Increasing numbers of exploits and vulnerabilities (67%)
- Attackers getting more efficient (52%)
- Hacker tools becoming more effective (46%)
#3 – Tools of the Trade
Protecting corporate data from attackers can become a matter of escalation. If attackers’ tools and methods keep improving, it puts an onus on security pros to ensure their tools and methodologies do the same. Otherwise, they risk leaving themselves and their business vulnerable.
According to the study:
- 63% of respondents said the use of hacker tools increased over the last two years
- 64% of those surveyed described these tools as being “highly effective,” a proclamation sure to send shivers down the spines of security pros
- 31% of respondents said they saw significant improvement in the quality of hacker tools, a total of 84% said they saw some level of improvement
- On average, hackers spent $1,367 on the specialized tools they used to launch attacks
#4 – Hacker Response to Defense
If a backdoor is left open thanks to missed patches or other poor security practices, of course hackers are going to take advantage and let themselves in. But what about the companies that present a hardened defensive front? Hackers’ response to these companies shows just how hard they’re willing to work to get what they want.
According to the study:
- If companies can drive up the time needed to conduct a successful attack by 40 hours or more, 60% of attackers are likely to give up and move on to easier targets
- Typically, hackers spend 70 hours total planning and executing an attack against an average security infrastructure. Elite infrastructures force attackers to spend 147 hours on the total process.
Keep attackers at arm’s length
Knowing the enemy isn’t just a good defense strategy, it’s the best defense strategy according to the Ponemon study. Sharing threat intelligence among peers can thwart an average of 39% of cyberattacks, according to the study’s respondents. However, 15% of participants went even further, saying 76%-100% of attacks could be prevented by threat intelligence.
Threat intelligence is a core component of Cisco’s IT security solutions, including Rapid Threat Containment. This solution brings together Cisco FireSIGHT Management Center and Identity Services Engine to form a barrier capable of standing up to next-level security threats. Rapid Threat Containment uses continually-updated threat intelligence to keep pace with the latest attacker tactics. This allows it to identify and isolate threats from something like malware as soon as they enter the corporate network.
To start a conversation on Rapid Threat Containment, or any one Cisco’s leading security solutions, visit us at: http://www.arrayasolutions.com/contact-us/. Our award-winning Cisco team has spent decades assisting customers to build security solutions which address their specific needs. Our team also has the implementation and support experience needed to ensure immediate and full value is achieved early on and for the duration of the solution’s life cycle.
Upcoming Event: Join Arraya Solutions and Cisco on March 23rd for a Cyber Threat Response Clinic, where you’ll experience a live demo of a malware attack – and how to respond to it. View details and register for this complimentary workshop at www.arrayasolutions.com/events