Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.

Visit http://www.aanval.com/ for more information.

Library:Study Shows Cost of Cyber Crime is Moderated by Use of SIEM Technologies


Study Shows Cost of Cyber Crime is Moderated by Use of SIEM Technologies. SIEM Strengthens an Organization’s Security Effectiveness and Security Posture.


Cyber Crime is a Growing Security Risk with Tremendous Financial Impact

Security experts have been warning organizations of the rising threat of cyber crimes. Statistics show that cyber crimes have become one of the fastest growing criminal activities around the world and that cyber attacks have a tremendous financial impact on businesses and organizations. According to the Second Annual Cost of Cyber Crime Study published by the Ponemon Institute, the median cost of cyber crime is now $5.9 million per year, a 56% increase from the median cost in last year’s study. A quick summary of the report findings shows that information theft accounted for 40% of total external costs, while costs associated with the interruption of business operations accounted for 28%. Cyber crime recovery and detection activities combined accounted for 45% of the total internal activity cost, while containment and investigation each represented 16%. Ex-post remediation response, which consists of activities that help organizations minimize potential future attacks, represented the lowest internal activity cost at 15%, which was 4% lower than the year before. This figure highlights a substantial cost-reduction opportunity for organizations that are able to automate recovery and detection activities through enabling security technologies. In addition, the study also found that the time taken to resolve or contain cyber crimes increases the cost. The average time to resolve a cyber attack is 18 days, with an average cost of $416,000. This is an increase of approximately 70% from the estimated cost of $250,000 during a 14-day resolution period in last year’s study.

The Ponemon cyber crime study surveyed 50 organizations in 50 different industry sectors, and the findings concluded that cyber attacks have become common occurrences for all enterprises. The respondents surveyed experienced 72 successful attacks per week and more than one successful attack per company per week. This represents an increase of 44% from last year’s successful attack experience. Furthermore, more than 90% of all cyber crime costs were caused by viruses, malware, botnets, and web-based attacks.

Frequency of cyber attacks experienced by organizations surveyed

  1. Viruses, worms, and trojans: 100%
  2. Malware: 96%
  3. Botnets: 82%
  4. Web-based attacks: 64%
  5. Stolen devices: 44%
  6. Malicious code: 42%
  7. Malicious insiders: 30%
  8. Phishing and Social Engineering: 30%
  9. Denial of Service: 4%

The cost of cyber crimes impacts all industries, but the average annualized cost of cyber crime appears to vary by industry segment. The Ponemon report revealed that defense, utilities and energy, and financial services have a significantly higher cost compared to organizations in technology, communications, public sector, transportation, retail, and consumer products. Moreover, small organizations experience a higher proportion of cyber crime costs relating to malicious code, malware, and web-based attacks. In contrast, large organizations experience a higher proportion of costs relating to malicious insiders and denial of service. The statistics also show that malicious insiders, malicious code, and web-based attacks take more time to resolve in comparison to malware, botnets, and viruses.

Average days to resolve cyber attacks

  1. Malicious insiders: 45.5
  2. Malicious code: 41.6
  3. Web-based attacks: 23.5
  4. Denial of service: 13.1
  5. Stolen devices: 10.7
  6. Phishing and social engineering: 9.1
  7. Malware: 3.6
  8. Botnets: 2.4
  9. Viruses, worms, and trojans: 2.3

Managing Security Risks in a New Era of Security Threats

Ponemon Study Shows that Organizations Utilizing SIEM Technology Achieve a Higher Level of Security Effectiveness.

The challenges facing chief information security officers today are more pressing than ever. Even with the advancement of technologies, security threats continue to evolve and proliferate. Hackers are finding new ways to implement sophisticated methods of cyber attacks, and cyber criminals are more persistent in working their way to successfully steal data in return for a highly lucrative payout. As the cost of cyber crimes also continues to escalate each year, chief information security officers need to be certain that they are managing their organizations’ security risks effectively.

In the Ponemon Institute research, the study also measured the security posture of participating organizations as part of the benchmarking process. The report concluded that security posture is inversely related to the cost of cyber crime and that the organization’s security posture influences the cost of cyber crime overall. The research first compared the security effectiveness scores (SES) of companies utilizing SIEM and non-SIEM users. The study found that users of SIEM tools realize a higher SES score compared to non-SIEM users. Second, the study compared SIEM and non-SIEM users on average cost of cyber crime. The statistics showed that organizations utilizing SIEM achieve a lower overall cost (by 24 percent) compared to organizations that do not use SIEM. This result suggests that SIEM improves a company’s security posture, thereby reducing its overall cost of cyber crime. Third, the report compared the percentage cost for recovery, detection, and containment cost centers for both SIEM and non-SIEM groups. The research determined that companies implementing SIEM technologies experience a significantly lower cost of detection by a difference of 11%. Furthermore, the Ponemon study analyzed the relationships between identifying and detecting Advanced Persistent Threats (APT) and the use of SIEM technologies during a four-week benchmarking period. 74% of SIEM companies detected the existence of APTs during the four-week benchmark period. In comparison, only 10% of non-SIEM companies detected APTs during the four-week benchmark period. The ability to detect and defend the organization from Advanced Persistent Threats may explain why SIEM implementation lowers the overall cost of cyber crime.


Security risks are increasing in quantity and complexity, while at the same time successful cyber attacks are significantly impacting organizations’ operations and success. Reversing these trends requires a new security approach that reduces the risk of cyber attacks, financial loss, and reputation damage. The Ponemon study overall supports the need for a new approach to enterprise security. The report individually addressed the core process-related activities that drive a range of expenditures associated with a company’s cyber attacks. According to the report, mitigation of both cyber attacks and the costs associated with recovery, detection, and containment requires enabling SIEM technologies. The utilization of SIEM technology makes a vital impact on both the security effectiveness and security posture of businesses and organizations.

“Businesses and organizations worldwide are facing a new era of security risks and persistent cyber attacks,” said Loyal Moses, CEO at Tactical FLEX, Inc. “We help enterprises of any size meet these security challenges and become more proactive in detecting and preventing various forms of malicious cyber attacks from actualizing and disrupting business operations. We understand safety lies in monitoring computer security network systems and improving network visibility around-the-clock. Without capable network security technology that delivers complete network visibility, threat management, local network-security situation awareness, and forensic analysis, organizations are forced to operate in a reactive mode after attacks have occurred. Our Aanval SIEM and IDS solutions play an important role in securing many enterprises in numerous industries. Successful mitigation of malicious insiders and external cyber attacks requires enabling technologies such as Security Information and Event Management (SIEM) and Intrusion Detection Systems (IDS).” Over 6,000 organizations from various industries around the globe use Aanval because it provides a proactive tool to combat aggressive cyber threats and safeguard their virtual and physical assets.

To learn how Aanval SIEM and IDS solutions can help your organization mitigate security risk and provide effective network monitoring, please contact (800) 921-2584 or email sales.group [at] tacticalflex.com.