SlideShare ist ein Scribd-Unternehmen logo

Quantifying the Impact of Network-Based Attacks

Icomm Technologies
Icomm Technologies

Network security is critical. But how do you quantify the value? How do you justify investing in network security products like next-generation firewalls, intrusion prevention systems and unified threat management appliances?

Business
1 von 7
Downloaden Sie, um offline zu lesen
Quantifying the Impact of Network-Based Attacks A short guide to assessing the value of next-generation firewalls The Impact of Attacks on Your Bottom Line Network security is critical. But how do you quantify the value? How do you justify investing in network security products like next-generation firewalls, intrusion prevention systems and unified threat management appliances? This document will give you some guidelines on how to assess the impact of network-based attacks on your organization. We will look at: Different types of network-based attacks • How those attacks can affect your bottom line • Methods of quantifying the impact of those attacks • We can’t give you a simple “impact of attacks” calculator. Every organization is faced with different threats, and the cost of attacks depends on many factors. But we can provide sources of industry studies and suggest techniques for creating your own economic model. we can provide sources of industry studies and suggest techniques for creating your own economic model.
Types of Network-Based Attacks There are hundreds of network-based attacks that can damage an organization. These include:  Viruses, Trojans, worms and other malware that can shut down servers and workstations or steal data.  Advanced persistent threats designed to penetrate networks and exfiltrate intellectual property and confidential information.  Distributed denial-of-service (DDOS) and flooding attacks that can overwhelm servers and shut down web sites. How Network-Based Attacks Can Affect Your Bottom Line It is useful to divide network-based attacks into two categories based on the type of harm they cause: data breaches and loss of service. Data breaches Data breaches are attacks that result in confidential information being captured and exfiltrated out of the organization so that it falls into the hands of criminals or competitors. The damages caused by data breaches include:  Lost business, as measured by reduced revenue, abnormal customer churn and increased customer acquisition costs.  Detection and technical remediation costs, for identifying and blocking attacks, assessing damage and putting corrective measures in place.  Notification costs, for communicating facts about the breach to potential victims and protecting victims from harm – for example, giving them memberships in credit monitoring services.  Legal and regulatory costs, from fines and lawsuits.  Loss of competitiveness, from intellectual property such as engineering designs and business plans falling into the hands of competitors. 2
Loss of service Loss-of-service attacks result in computer systems – workstations as well as web, application or database servers – being disabled or degraded. Financial effects include:  Lost business, when customers cannot check inventory, place orders or otherwise interact with the organization.  Lost productivity, when business processes are interrupted or employees cannot do their jobs because workstations or servers are unavailable.  Remediation, where IT and support staff lose time diagnosing problems, coaching employees, restarting services and re-imaging PCs. Quantifying the Impact of Attacks – Surveys To quantify the impact of network-based attacks, industry surveys and studies are a good place to start. Here we will look briefly at two that address the cost of data breaches. The Ponemon Institute Cost of a Data Breach Survey The most extensive recent survey of the cost of data breaches was performed by the Ponemon Institute in late 2011 and published in March 2012. The institute conducted in-depth interviews with 49 U.S. companies in 14 industries that had experienced the loss or theft of customers’ personal data. Some of the key findings are shown in Table 1. Table 1: Figures from the Ponemon Institute 2011 Cost of a Data Breach Survey Lost business Cost per record $106 Post data breach 3 Cost per breach $3,007,015 $1,505,049 $53 Typical expenses Abnormal customer turnover, increased customer acquisition activities, reputation losses, diminished goodwill Help desk, inbound communications, remediation, legal expenditures, product discounts, identity protection services
Notification $561,495 $20 Detection and escalation $428,330 $15 Total (rounded) $5.5 million Creation of contact databases, determination of regulatory requirements, outside experts, postal expenditures Forensics, assessment and audit, crisis team management, communications to executive management $194 The per-record figures allow you to scale these costs up and down based on the number of records of protected personal data in your organization. The study also includes other figures that can be very helpful in adjusting costs to different situations. The study includes figures for the 14 industries (for example, the reported cost per record is highest for the communications, pharmaceutical and financial industries and lowest for public sector, hospitality and media) and adjustments based on factors such as whether the organization has a CISO and whether the data was lost or stolen due to mistakes by a third party. However, the study has limitations. The sample was limited in size and geography, and it excluded breaches of over 100,000 records (on the grounds that they would distort the averages). Also, it did not try to measure the effect of losing intellectual property. The Ponemon Institute study is available at: http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=ponemon-cost-of-a-data-breach-2011. A summary in slide format can be viewed at: http://www.slideshare.net/symantec/2011annual-study-us-cost-of-a-data-breach-march-2012. The NetDiligence® Cyber Liability & Data Breach Insurance Claims Study In October 2012, NetDiligence published a study of 137 events between 2009 and 2011 that resulted in insurance companies making payouts on cyber liability claims. Some of the findings are shown in Table 2. 4
Table 2: Figures from the NetDiligence Cyber Liability & Data Breach Insurance Claims Study Legal settlement Legal defense Credit monitoring Forensics Cost per breach $2,100,000 $582,000 $345,000 $341,000 Notification Legal counsel Call center $180,000 $66,000 $50,000 Total (rounded) Typical Range $3.7 million $6,000 - $300,000 $10,000 - $225,000 $20,000 - $100,000 $5,000 - $100,000 $4,000 - $40,000 (but one exceeded $1 million) These figures differ from the Ponemon study in part because the sample is different (incidents where an insurance payout was made). However, while this study does not attempt to quantify the costs of lost business, the other estimates are in the same ballpark. The NetDiligence study results can be downloaded at: http://www.netdiligence.com/files/ CyberClaimsStudy-2012sh.pdf. Estimates for Your Organization Back-of-the-Envelope Calculations Perhaps industry surveys provide enough “ballpark” data to justify your investment in network security technologies. If not, the next step is to estimate a few key variables based on data for your own organization. For example, you may have figures for or be able to estimate:  revenue loss for every hour your web site is down because of a DDoS attack. The  productivity loss for every hour a key business process is down because of The malware disabling the server. 5
 hourly rate for help desk personnel to diagnose malware infections on PCs and The for the support group to re-image infected PCs..  cost per record for notifying customers or employees in the event of a data The breach and providing credit monitoring services to them for a year. You can then use these hourly or per-record estimates to make back-of-the-envelope calculations based on the number of hours you expect to reduce downtime or the number of records that your organization might lose from a security breach. ‘War game’ simulations Some organizations have created valuable estimates by conducting “war game” simulations. These involve gathering a cross-section of company staff from IT, marketing, HR, legal and other functions, and running through an attack scenario – say, a denial-of-service attack or a breach of customer information. These exercises not only help quantify costs, but often turn up unexpected effects – for example, contractual obligations or the regulatory impact of data breaches. Data from peer organizations It fairly easy to find in the press examples of all of the types of attacks detailed here, often with discussions of the costs. Information can also be found from colleagues, industry associations and other sources. For example, one survey showed that the cost of DDoS attacks exceeded $10,000 per hour for travel, telecom and financial industry web sites and over $100,000 per hour for large retail web sites. 1 Detailed business case – an ANSI model If you need to construct a detailed business case, ANSI (the American National Standards Institute) provides an excellent model in a document titled, “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security.” 1 Neustar Insights, DDoS Survey: Q1 2012, http://hello.neustar.biz/rs/neustarinc/images/neustar-insights-ddos-attack-survey-q1-2012. pdf. Other statistics useful for doing back-of-the-envelope calculations are included in Zurich American Insurance Corp.’s Data Breaches: Greater frequency, greater costs for all companies, http://www.zurichna.com/internet/zna/sitecollectiondocuments/en/products/ securityandprivacy/data%20breach%20costs%20wp%20part%201%20(risks,%20costs%20and%20mitigation%20strategies).pdf. 6
The document is aimed at organizations that manage protected health information and contains details that are specific to healthcare, HIPAA and other health-related legislation. However, it includes valuable material that can be modified and adapted for other environments. For example, the following five-step process is outlined in the document: 1. Conduct risk assessment 2. Determine security-readiness score 3. Assess the relevance of a cost 4. Determine the impact 5. Calculate the total cost of a breach It also includes a hypothetical scenario of a breach with an extremely detailed cost calculation based on reputation repercussions, remediation costs, lost productivity, communications and public relations costs, and legal and regulatory costs. This document is available at: http://webstore.ansi.org/phi/. 2 Recap: Putting the Pieces Together Depending on how much detail you need, there are many ways to go about quantifying the impact of network-based attacks and, therefore, the potential value of next-generation firewalls and other network security products. The first step is to understand exactly how data breaches and loss-of-service attacks can affect costs and revenue. Then, if a broad-brush estimate is enough, you may be able to find the justification you need in industry surveys such as the Ponemon Institute Cost of a Data Breach Survey and the NetDiligence Cyber Liability & Data Breach Insurance Claims Study. If you need detail that is more specific to your organization, you can create back-of-the-envelope calculations, run “war game” simulations and find data about peer organizations. Or you can create a highly detailed model, perhaps based on a template like the one provided in ANSI’s “The Financial Impact of Breached Protected Health Information.” 2 See Chapters 7 and 8. 7

Empfohlen

Top 10 Trends in Telecommuting
Top 10 Trends in TelecommutingTop 10 Trends in Telecommuting
Top 10 Trends in Telecommuting
Icomm Technologies
 
Disaster Recovery
Disaster RecoveryDisaster Recovery
Disaster Recovery
Icomm Technologies
 
Disaster Recovery
Disaster RecoveryDisaster Recovery
Disaster Recovery
Icomm Technologies
 
The only authentication platform you’ll ever need.
The only authentication platform you’ll ever need.The only authentication platform you’ll ever need.
The only authentication platform you’ll ever need.
Icomm Technologies
 
Icomm enables Aston Manor to brew success
Icomm enables Aston Manor to brew successIcomm enables Aston Manor to brew success
Icomm enables Aston Manor to brew success
Icomm Technologies
 
IT Security Trends in 2012
IT Security Trends in 2012IT Security Trends in 2012
IT Security Trends in 2012
Icomm Technologies
 
Office 365-technical-overview-deck
Office 365-technical-overview-deckOffice 365-technical-overview-deck
Office 365-technical-overview-deck
Icomm Technologies
 
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
Icomm Technologies
 

Empfohlen

Top 10 Trends in Telecommuting
Top 10 Trends in TelecommutingTop 10 Trends in Telecommuting
Top 10 Trends in Telecommuting
Icomm Technologies
 
Disaster Recovery
Disaster RecoveryDisaster Recovery
Disaster Recovery
Icomm Technologies
 
Disaster Recovery
Disaster RecoveryDisaster Recovery
Disaster Recovery
Icomm Technologies
 
The only authentication platform you’ll ever need.
The only authentication platform you’ll ever need.The only authentication platform you’ll ever need.
The only authentication platform you’ll ever need.
Icomm Technologies
 
Icomm enables Aston Manor to brew success
Icomm enables Aston Manor to brew successIcomm enables Aston Manor to brew success
Icomm enables Aston Manor to brew success
Icomm Technologies
 
IT Security Trends in 2012
IT Security Trends in 2012IT Security Trends in 2012
IT Security Trends in 2012
Icomm Technologies
 
Office 365-technical-overview-deck
Office 365-technical-overview-deckOffice 365-technical-overview-deck
Office 365-technical-overview-deck
Icomm Technologies
 
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
Icomm Technologies
 
The truth behind cyber attacks
The truth behind cyber attacks The truth behind cyber attacks
The truth behind cyber attacks
Icomm Technologies
 
Anatomy of a cyber-attack
Anatomy of a cyber-attackAnatomy of a cyber-attack
Anatomy of a cyber-attack
Icomm Technologies
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work force
Icomm Technologies
 
Mobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveMobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to Solve
Icomm Technologies
 
Swivel Secure and Office 365
Swivel Secure and Office 365Swivel Secure and Office 365
Swivel Secure and Office 365
Icomm Technologies
 
Swivel Secure, ADFS and Office 365
Swivel Secure, ADFS and Office 365Swivel Secure, ADFS and Office 365
Swivel Secure, ADFS and Office 365
Icomm Technologies
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
Icomm Technologies
 
Controlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksControlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate Networks
Icomm Technologies
 
Tackling consumerization of it
Tackling consumerization of it Tackling consumerization of it
Tackling consumerization of it
Icomm Technologies
 
Icomm virtualisation-support-white-paper
Icomm virtualisation-support-white-paperIcomm virtualisation-support-white-paper
Icomm virtualisation-support-white-paper
Icomm Technologies
 
Icomm cloud-backup-overview
Icomm cloud-backup-overviewIcomm cloud-backup-overview
Icomm cloud-backup-overview
Icomm Technologies
 
Icomm agentless-architecture
Icomm agentless-architectureIcomm agentless-architecture
Icomm agentless-architecture
Icomm Technologies
 
Efficiently protect-virtual-machines
Efficiently protect-virtual-machinesEfficiently protect-virtual-machines
Efficiently protect-virtual-machines
Icomm Technologies
 
Cloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devicesCloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devices
Icomm Technologies
 
Beakbane safeguards future with ERP - ready infrastructure upgrade.
Beakbane safeguards future with ERP - ready infrastructure upgrade.Beakbane safeguards future with ERP - ready infrastructure upgrade.
Beakbane safeguards future with ERP - ready infrastructure upgrade.
Icomm Technologies
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
IndeedSEO
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
allensay1
 
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
pr788182
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
pujan9679
 
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowKalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
ranineha57744
 
WheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond InsightsWheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond Insights
Hector Del Castillo, CPM, CPMM
 
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
pr788182
 

Weitere ähnliche Inhalte

Mehr von Icomm Technologies

Anatomy of a cyber-attack
Anatomy of a cyber-attackAnatomy of a cyber-attack
Anatomy of a cyber-attack
Icomm Technologies
 
Icomm agentless-architecture
Icomm agentless-architectureIcomm agentless-architecture
Icomm agentless-architecture
Icomm Technologies
 

Mehr von Icomm Technologies (15)

The truth behind cyber attacks
The truth behind cyber attacks The truth behind cyber attacks
The truth behind cyber attacks
 
Anatomy of a cyber-attack
Anatomy of a cyber-attackAnatomy of a cyber-attack
Anatomy of a cyber-attack
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work force
 
Mobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveMobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to Solve
 
Swivel Secure and Office 365
Swivel Secure and Office 365Swivel Secure and Office 365
Swivel Secure and Office 365
 
Swivel Secure, ADFS and Office 365
Swivel Secure, ADFS and Office 365Swivel Secure, ADFS and Office 365
Swivel Secure, ADFS and Office 365
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
Controlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksControlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate Networks
 
Tackling consumerization of it
Tackling consumerization of it Tackling consumerization of it
Tackling consumerization of it
 
Icomm virtualisation-support-white-paper
Icomm virtualisation-support-white-paperIcomm virtualisation-support-white-paper
Icomm virtualisation-support-white-paper
 
Icomm cloud-backup-overview
Icomm cloud-backup-overviewIcomm cloud-backup-overview
Icomm cloud-backup-overview
 
Icomm agentless-architecture
Icomm agentless-architectureIcomm agentless-architecture
Icomm agentless-architecture
 
Efficiently protect-virtual-machines
Efficiently protect-virtual-machinesEfficiently protect-virtual-machines
Efficiently protect-virtual-machines
 
Cloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devicesCloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devices
 
Beakbane safeguards future with ERP - ready infrastructure upgrade.
Beakbane safeguards future with ERP - ready infrastructure upgrade.Beakbane safeguards future with ERP - ready infrastructure upgrade.
Beakbane safeguards future with ERP - ready infrastructure upgrade.
 

Kürzlich hochgeladen

Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
allensay1
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
pujan9679
 
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
pr788182
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
Nauman Safdar
 

Kürzlich hochgeladen (20)

SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
 
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowKalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
 
WheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond InsightsWheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond Insights
 
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
 
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTSDurg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024
 
Buy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail AccountsBuy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail Accounts
 
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 
Cannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 Updated
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
 
New 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateNew 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck Template
 

Quantifying the Impact of Network-Based Attacks

  • 1. Quantifying the Impact of Network-Based Attacks A short guide to assessing the value of next-generation firewalls The Impact of Attacks on Your Bottom Line Network security is critical. But how do you quantify the value? How do you justify investing in network security products like next-generation firewalls, intrusion prevention systems and unified threat management appliances? This document will give you some guidelines on how to assess the impact of network-based attacks on your organization. We will look at: Different types of network-based attacks • How those attacks can affect your bottom line • Methods of quantifying the impact of those attacks • We can’t give you a simple “impact of attacks” calculator. Every organization is faced with different threats, and the cost of attacks depends on many factors. But we can provide sources of industry studies and suggest techniques for creating your own economic model. we can provide sources of industry studies and suggest techniques for creating your own economic model.
  • 2. Types of Network-Based Attacks There are hundreds of network-based attacks that can damage an organization. These include:  Viruses, Trojans, worms and other malware that can shut down servers and workstations or steal data.  Advanced persistent threats designed to penetrate networks and exfiltrate intellectual property and confidential information.  Distributed denial-of-service (DDOS) and flooding attacks that can overwhelm servers and shut down web sites. How Network-Based Attacks Can Affect Your Bottom Line It is useful to divide network-based attacks into two categories based on the type of harm they cause: data breaches and loss of service. Data breaches Data breaches are attacks that result in confidential information being captured and exfiltrated out of the organization so that it falls into the hands of criminals or competitors. The damages caused by data breaches include:  Lost business, as measured by reduced revenue, abnormal customer churn and increased customer acquisition costs.  Detection and technical remediation costs, for identifying and blocking attacks, assessing damage and putting corrective measures in place.  Notification costs, for communicating facts about the breach to potential victims and protecting victims from harm – for example, giving them memberships in credit monitoring services.  Legal and regulatory costs, from fines and lawsuits.  Loss of competitiveness, from intellectual property such as engineering designs and business plans falling into the hands of competitors. 2
  • 3. Loss of service Loss-of-service attacks result in computer systems – workstations as well as web, application or database servers – being disabled or degraded. Financial effects include:  Lost business, when customers cannot check inventory, place orders or otherwise interact with the organization.  Lost productivity, when business processes are interrupted or employees cannot do their jobs because workstations or servers are unavailable.  Remediation, where IT and support staff lose time diagnosing problems, coaching employees, restarting services and re-imaging PCs. Quantifying the Impact of Attacks – Surveys To quantify the impact of network-based attacks, industry surveys and studies are a good place to start. Here we will look briefly at two that address the cost of data breaches. The Ponemon Institute Cost of a Data Breach Survey The most extensive recent survey of the cost of data breaches was performed by the Ponemon Institute in late 2011 and published in March 2012. The institute conducted in-depth interviews with 49 U.S. companies in 14 industries that had experienced the loss or theft of customers’ personal data. Some of the key findings are shown in Table 1. Table 1: Figures from the Ponemon Institute 2011 Cost of a Data Breach Survey Lost business Cost per record $106 Post data breach 3 Cost per breach $3,007,015 $1,505,049 $53 Typical expenses Abnormal customer turnover, increased customer acquisition activities, reputation losses, diminished goodwill Help desk, inbound communications, remediation, legal expenditures, product discounts, identity protection services
  • 4. Notification $561,495 $20 Detection and escalation $428,330 $15 Total (rounded) $5.5 million Creation of contact databases, determination of regulatory requirements, outside experts, postal expenditures Forensics, assessment and audit, crisis team management, communications to executive management $194 The per-record figures allow you to scale these costs up and down based on the number of records of protected personal data in your organization. The study also includes other figures that can be very helpful in adjusting costs to different situations. The study includes figures for the 14 industries (for example, the reported cost per record is highest for the communications, pharmaceutical and financial industries and lowest for public sector, hospitality and media) and adjustments based on factors such as whether the organization has a CISO and whether the data was lost or stolen due to mistakes by a third party. However, the study has limitations. The sample was limited in size and geography, and it excluded breaches of over 100,000 records (on the grounds that they would distort the averages). Also, it did not try to measure the effect of losing intellectual property. The Ponemon Institute study is available at: http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=ponemon-cost-of-a-data-breach-2011. A summary in slide format can be viewed at: http://www.slideshare.net/symantec/2011annual-study-us-cost-of-a-data-breach-march-2012. The NetDiligence® Cyber Liability & Data Breach Insurance Claims Study In October 2012, NetDiligence published a study of 137 events between 2009 and 2011 that resulted in insurance companies making payouts on cyber liability claims. Some of the findings are shown in Table 2. 4
  • 5. Table 2: Figures from the NetDiligence Cyber Liability & Data Breach Insurance Claims Study Legal settlement Legal defense Credit monitoring Forensics Cost per breach $2,100,000 $582,000 $345,000 $341,000 Notification Legal counsel Call center $180,000 $66,000 $50,000 Total (rounded) Typical Range $3.7 million $6,000 - $300,000 $10,000 - $225,000 $20,000 - $100,000 $5,000 - $100,000 $4,000 - $40,000 (but one exceeded $1 million) These figures differ from the Ponemon study in part because the sample is different (incidents where an insurance payout was made). However, while this study does not attempt to quantify the costs of lost business, the other estimates are in the same ballpark. The NetDiligence study results can be downloaded at: http://www.netdiligence.com/files/ CyberClaimsStudy-2012sh.pdf. Estimates for Your Organization Back-of-the-Envelope Calculations Perhaps industry surveys provide enough “ballpark” data to justify your investment in network security technologies. If not, the next step is to estimate a few key variables based on data for your own organization. For example, you may have figures for or be able to estimate:  revenue loss for every hour your web site is down because of a DDoS attack. The  productivity loss for every hour a key business process is down because of The malware disabling the server. 5
  • 6.  hourly rate for help desk personnel to diagnose malware infections on PCs and The for the support group to re-image infected PCs..  cost per record for notifying customers or employees in the event of a data The breach and providing credit monitoring services to them for a year. You can then use these hourly or per-record estimates to make back-of-the-envelope calculations based on the number of hours you expect to reduce downtime or the number of records that your organization might lose from a security breach. ‘War game’ simulations Some organizations have created valuable estimates by conducting “war game” simulations. These involve gathering a cross-section of company staff from IT, marketing, HR, legal and other functions, and running through an attack scenario – say, a denial-of-service attack or a breach of customer information. These exercises not only help quantify costs, but often turn up unexpected effects – for example, contractual obligations or the regulatory impact of data breaches. Data from peer organizations It fairly easy to find in the press examples of all of the types of attacks detailed here, often with discussions of the costs. Information can also be found from colleagues, industry associations and other sources. For example, one survey showed that the cost of DDoS attacks exceeded $10,000 per hour for travel, telecom and financial industry web sites and over $100,000 per hour for large retail web sites. 1 Detailed business case – an ANSI model If you need to construct a detailed business case, ANSI (the American National Standards Institute) provides an excellent model in a document titled, “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security.” 1 Neustar Insights, DDoS Survey: Q1 2012, http://hello.neustar.biz/rs/neustarinc/images/neustar-insights-ddos-attack-survey-q1-2012. pdf. Other statistics useful for doing back-of-the-envelope calculations are included in Zurich American Insurance Corp.’s Data Breaches: Greater frequency, greater costs for all companies, http://www.zurichna.com/internet/zna/sitecollectiondocuments/en/products/ securityandprivacy/data%20breach%20costs%20wp%20part%201%20(risks,%20costs%20and%20mitigation%20strategies).pdf. 6
  • 7. The document is aimed at organizations that manage protected health information and contains details that are specific to healthcare, HIPAA and other health-related legislation. However, it includes valuable material that can be modified and adapted for other environments. For example, the following five-step process is outlined in the document: 1. Conduct risk assessment 2. Determine security-readiness score 3. Assess the relevance of a cost 4. Determine the impact 5. Calculate the total cost of a breach It also includes a hypothetical scenario of a breach with an extremely detailed cost calculation based on reputation repercussions, remediation costs, lost productivity, communications and public relations costs, and legal and regulatory costs. This document is available at: http://webstore.ansi.org/phi/. 2 Recap: Putting the Pieces Together Depending on how much detail you need, there are many ways to go about quantifying the impact of network-based attacks and, therefore, the potential value of next-generation firewalls and other network security products. The first step is to understand exactly how data breaches and loss-of-service attacks can affect costs and revenue. Then, if a broad-brush estimate is enough, you may be able to find the justification you need in industry surveys such as the Ponemon Institute Cost of a Data Breach Survey and the NetDiligence Cyber Liability & Data Breach Insurance Claims Study. If you need detail that is more specific to your organization, you can create back-of-the-envelope calculations, run “war game” simulations and find data about peer organizations. Or you can create a highly detailed model, perhaps based on a template like the one provided in ANSI’s “The Financial Impact of Breached Protected Health Information.” 2 See Chapters 7 and 8. 7