Wednesday, 28 August 2019 02:06

Internet Society weighs up the cost to business of cyber security breaches

By Peter Dinham

Image: Stuart Miles, FreeDigitalPhotos.net

The financial impact of ransomware rose by 60% in 2018, losses from business email compromise (BEC) doubled, cryptojacking incidents - the unauthorised use of others’ computing resources to conduct cryptomining - more than tripled, and there continued to be a steady stream of high-profile data breaches, according to a report from the Internet Society’s Online Trust Alliance.

Describing the report’s statistics as “Some Better, Some Worse, All Bad Looking”, the Society says “it might seem that 2018 finally brought some cyber incident relief” – the numbers of data breaches and exposed records were down, and both ransomware and DDoS attacks were down overall.

According to the Society it is difficult to get a complete, accurate picture of the overall cyber incident landscape.

“In tracking cyber incidents, many key data “pieces” exist, but are limited for a variety of reasons – they often represent only one vendor’s view of their user base, they are typically regional and not global, it is easier to measure attacks than measure which are successful, there is a lack of consolidated reporting mechanisms, and finally, it is still the case that most incidents go unreported,” the Society observes.

“In this context, the approach taken in this year’s report is to lay out the various key statistics and trends across the types of cyber incidents, but not come to a definitive conclusion regarding a precise number of incidents. As in prior years, the report will still outline threat trends and how to address them.

“There are several organisations that track data breaches, mostly relying on public reports, though the results vary widely due to different methodologies. Risk Based Security reports the highest number at 6,515 breaches and 5 billion exposed records, both down from 2017."

Identity Theft Resource Center also reports on breaches, finding 1,244 in 2018 with approximately 2 billion exposed records – the number of breaches is down from 2017 while the number of sensitive records exposed (447 million) is up significantly.

Privacy Rights Clearinghouse reported 635 breaches and 1.4 billion exposed records in 2018, both down from 2017.

Though these reports do include some international breaches, they do not cover all breaches worldwide, as shown in DLA Piper’s GDPR Data Breach Survey, which surveyed data protection authorities in the EU and found 59,000 reported breaches just between May and December 2018.

2018 Incident Highlights: 95% of breaches could have been prevented (ISOC); 3.2% decrease in reported breach incidents (RBS); 5 billion records exposed, a 35.9% decrease (RBS); $8 billion financial impact of ransomware (CV); 12% rise in business targeted ransomware (Symantec); $12.5 billion in global EAC/BEC losses since 2013 (FBI).

"In 2018 there certainly were many high-volume (and therefore high-profile) breaches – a dozen exposed more than 100 million records – and they can be instructive from both a trend and lessons learned standpoint. The largest breach, which involved 1.1 billion records of Aadhaar, India’s national ID database, happened early in the year and was attributed to an unsecured API," the Society says.

The Marriott/Starwood breach impacted 383 million people. In retrospect it was clear that attackers had been in the Starwood network since 2014 (pre-Marriott acquisition), and would have been detected by routine network checks, thus highlighting the need to perform regular security checks and due diligence.

Under Armour had a breach of 150 million MyFitnessPal records and was lauded for its rapid and thorough response, though it was revealed that some passwords were encrypted using the weak SHA-1 hash.

“Looking across the cyber incident landscape, a rough estimate of the overall volume can be calculated.

“The lead categories are cryptojacking (1.3 million) and ransomware (500,000), followed by breaches (60,000), supply chain (at least 60,000 infected websites), and BEC/EAC (20,000).

“Credential stuffing and DDoS attack success rates are more difficult to determine, though there are significant known successes for both.

“Adding it all up, the Internet Society’s Online Trust Alliance estimates that there were more than 2 million cyber incidents in 2018, and it is likely that even this number significantly underestimates the actual problem.

“The financial impact across all these types of incidents is also difficult to determine. While some have definitive reports (BEC/EAC at $1.2 billion in 2018) or strong estimates (ransomware at $8 billion, credential stuffing at $5 billion), others have more general estimates (average cost of data breach grew to $3.86 million according to Ponemon Institute, average cost of $222,000 per successful DDoS attack), and some are undetermined (cryptojacking, formjacking).

“Even using these loose estimates, it is easy to justify a total impact of more than $45 billion in 2018.

“All of this begs the question - are things getting better or worse? The answer is “both” – as some types of attacks wane, others rise. What is very clear is that there are too many cyber incidents creating an unacceptable level of financial impact,” the Society concludes.

Peter Dinham

Peter Dinham - retired in 2020. He is a veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).
