Wednesday, October 4, 2017

The smart investment

Things get hot between US and Russia. We do not want to be the ones who stir up the flames, but there is a fable on the Internet that deserves to be read. "When NASA began launching astronauts, they immediately realized that pens would not work with zero gravity. To solve this problem, NASA hired a company that after a time and a large investment presented them with an innovative ballpoint pen writing with zero gravity. The Russians used a pencil." Let's be clear, this fable is not true, here you will find the real story, but it clearly illustrates the moral to learn: think before investing.

Something similar happens in the cybersecurity sector. Recent news about Equifax, Deloitte and Whole Foods, among others, have made it clear that cyberattacks pose a risk to the privacy of businesses and users, but these are not their only consequences. A new truth hits us in the face: cyberattacks have a global financial impact. During this year the average global cost of the attacks increased to almost 10 million euros per organization, an increase of 23% compared to 2016 and almost 70% over the previous 5 years. The attacks are real and companies are starting to increase their spending on security, but are the investments the correct ones?

To shed light on the issue, Accenture and Ponemon Institute have conducted the following survey called "The cost of Cyber Crime Study" in which the answers of 2,182 security and IT professionals have been analyzed. All these data have made one thing clear: cyberattacks have not diminished since the creation of the Ponemon Institute in 2009. The companies suffer 130 security breaches per year, with the worst-off are energy and financial sector with an annual cost of more than 14 and 15 million euros respectively. And the truth is that, as attacks increase, so does the time needed to deal with them. The types of attacks that take the most time are those that come from the internal staff, which need about 50 days on average to be totally solved.
However, costs are not static and vary considerably depending on the country and type of cyberattack. Australia, for example, has the lowest cost per cyberattack with $5 million, while Japan bears the brunt of the damage, which has experienced the largest increase in costs, up 22% to more than 10 millions of dollars.

The same survey that presents this dark panorama gives us the keys to remedy it. The results indicate the most effective way to reduce losses in a cyberattack: intelligence security systems based on the analysis of data from various sources that help the company identify and prioritize external and internal threats. These types of technologies represent significant cost savings compared to the rest of the survey. On the other hand, automation, orchestration and automatic learning technologies are only developed by 3 out of 10, despite being among the technologies that reduce costs.

Having seen the high cost of these attacks and their devastating consequences, it´s when the importance of a good security strategy and the correct monitoring of the investments take on weight. This survey shows that making the right investments can help significantly when criminals attack. According to Kelly Bissel, director of Accenture Security: "Keeping pace with these more sophisticated attacks requires companies to adopt a dynamic and agile security strategy that builds their resilience from the inside out and not focusing on the perimeter, as has been done so far. "

Attacks are real and the cybercriminals are innovating in their ways and ways of acting, and although a strategy can´t stop them, it´s a good defense barrier. While a stable and constant security plan should be put in place to improve cyber-defense, understanding the cost of cybercrime could help make the most appropriate investments for each company. Because if we invest, it´s better investing properly.


Post a Comment