Did you know that crypto malware incidents cost SMEs on average $100,000 a year, and that the total cost of each data breach is about $4 million, at roughly $158 for each lost or stolen record containing sensitive and confidential information? In this newsletter we'll explain why, and what can be done to minimize the risks.
In case you don't know yet, a data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. The motivation to break into a company's infrastructure and steal information is extremely strong when there is financial gain on offer.
The single most important leverage hackers have against companies is time.
Hackers will stop at nothing and have an extremely powerful advantage over their targets: time. They have all the time in the world to prepare attacks & decoys, discover vulnerabilities, exploit them, and obtain and leverage unauthorised access in order to succeed in their mission. By contrast, for a company a single point of failure is enough to lose everything.
Moreover, the Mandiant 2015 Threat Report concluded that 205 days was the median number of days attackers were present on a victim's network before they were discovered. According to Kaspersky Lab, the cost of a crypto malware attack is about $100,000 each year, and 34% of entrepreneurs admitted they have paid the ransom.
What can hackers do in 205 days on the victim's network?
- Act like legitimate employees: experienced hackers will leverage their privileges until they can navigate & perform actions in the network with legitimate employees' credentials, and even clear their traces, making incidents almost impossible to investigate
- Backdoor everything: they have enough time to build hundreds of backdoors which can help them come back if one of the entries is mitigated by specialists, so to fully secure your network you will need massive resources and many assessments and reviews of the internals
- Full Surveillance & Data Exfiltration: hackers could install software in order to intercept any action your employees take in the network, such as sending emails, transferring documents, or developing commercial offers, blueprints, management plans, customer details, procedures and custom applications, and even capture keystrokes or record employees' screens and meetings. The information could be stolen and sold on black markets, shared with your competitors or leaked on the internet.
- Partially or Fully Disrupt the Company's Activity: hackers could obtain access and learn how all your backup & disaster recovery procedures work in order to find ways to disturb or fully suspend activity in the company; just imagine what can happen if hackers obtain access to both your production infrastructure and your backup systems.
- Zombie Network: hackers can and will turn your IT infrastructure assets into remotely controlled devices used to perform criminal activities such as spam, phishing, malware distribution, denial of service attacks etc.
- Blackmail or Leak Data on the Internet: in order to maximize their profits they might even blackmail you, forcing you to choose between paying a ransom and having sensitive information leaked on the Internet in order to destroy your company's or employees' reputation.
What are the costs of a data breach for a company?
There are three main types of costs for any company that experiences a data breach incident, based on the company's losses:
- Infrastructure & Personnel Costs: you will have to review each byte that passed through the company's networks in the months before the finding to fully understand how the attacker gained unauthorised access and what access they gained, what information was stolen and how the impact can be minimized. Only after that is it recommended to perform penetration testing & vulnerability assessment tests against network assets, prepare proactive procedures and adopt good solutions to minimize the risk of similar events. Training & raising awareness among employees will also be needed.
- Branding & PR Costs: if the incident is publicly acknowledged, the risks of damaging the company's reputation, losing investors' and clients' trust or experiencing share price drops will rise.
- Legal Costs: besides the incident investigation, you will have to be prepared for fines under local laws & regulations, or for angry customers who will ask for compensation.
What can be done to minimize the risks & impact of these events?
As you probably know, there is no bulletproof security solution to protect your business, but there are certain ways to prepare for the worst:
- Perform regular penetration testing & vulnerability assessments, and ask for assessments when certain parts of the network are changed or upgraded
- Adopt security solutions to protect against attacks & data exfiltration
- Develop procedures for backups, updates, data leakage, disaster recovery etc
- Train your staff and develop internal security awareness programs
- Challenge your IT departments with regular cyber attack & incident simulations