"Japan’s National Institute of Information and Communications Technology (NICT), which has a network of a quarter of a million sensors, said there were 25.66 billion attempts to compromise systems," according to a report by Kyodo News at Securityaffairs.com.
The big issue here is that MOST of the companies that were attacked had no visibility into the actual attack and none to recognize a breach.
Many assume that everything that occurs pre firewall has no effect on their networks but they are wrong.
Pre Firewall attacks cause WAN/Internet access issues and disrupt all RTP flows like VoIP, teleconferencing and many advanced applications, so having visibility - and thus knowledge - of how the network usually performs is an essential element in securing your network and the data therein.
The article from Kyodo News is evidence of how little corporations know about their networks. For example, Japan NICT recognized 25 Billion cyberattacks but less than 10% of those affected reported any aberrant network behavior because of the common “head in the sand” management philosophies - "If I do not know about it I cannot be held responsible."
New legislation will lead to many “head in the sand” CISO’s etc to be fined, as well as the company they are supposed to be protecting.
2015 will be the year of fines, liabilities and prosecution for negligent corporate behavior when it comes to protecting data. Every network should have at least a TAP pre and post firewall so IT teams can:
- Get an understanding of attack processes before they breach your firewall
- See when an attack is becoming successful and a breach is in the making
- Take measures to defend against a successful breach
- Assess what damage is caused by the breach (i.e. Records lost or compromised, servers attacked, applications attacked, storage/records attacked and any APT’s left post breach)
- Measure if their post breach mitigation and remedies are successful and star the cycle again
This year fines will be based on the number of records that were proved to be compromised. If a company cannot prove how many records were stolen, the FTC and other regulatory organizations Federal, State and Professional will assume that every record held was compromised. So far, the average fine per record is about $300.00 not including remediation, rebuilding the network with more protection, loss of public image, employee confidence, stock value and all the other tangibles.
Let me put this in a different financial prospective – Lets say that you are a medium company with 100,000 data records and you are breached.
First the fines will be ~300 X 100,000 = ~$30 M, then the cost of lost business, and civil liabilities, the cost of remediation and down time, plus the cost of required protection of those individuals and corporations for 2 years…so the cost could easily reach 3 times the fines. The average cost for each lost or stolen record containing sensitive and confidential information increased from $188 to $201. (Note** in 2015 with new state fines and federal fines this cost has been estimated to be near double the 2014 cost; the estimation is ~$400 per record).
The total average cost per breach fines and basic requirements paid by organizations increased from $5.4 million to $5.9 million in 2015 the estimate is near double this cost. These figures do not include internal remediation costs or the cost of new equipment and software or ongoing liabilities and loss of business.
In 2013 it was estimated that the average cost per minute of unplanned downtime was $7,900, up a staggering 41 percent from $5,600 per minute in 2010, according to a survey from the Ponemon Institute.
The question I always hear from management is, "What is this visibility plane, new firewall, monitoring equipment, etc. going to cost me?"
The question should be what is a breach going to cost my company and my professional reputation: spend 30 to 100K$ now or 30 to 100 M$ later because the matter is not if you will be attacked but when, by what method, and how you could see the attack and be able to take preventative actions to protect or recognize a breach immediately and not take the current average of 170 day to find a breach.
The answer should be I MUST HAVE a visibility plane to save my company and my reputation and severe financial losses.
So far this year we have doubled the number of successful cyberattacks (breaches) and tripled the number of personal records stolen/acquired by hackers in the U.S.
Even Lloyds of London was hacked this month and brought on the stated concern that insurance companies cannot long afford to insure networks and corporate liabilities at the current rate of attack success.
A visibility plane will not only assist in securing your network but help you better manage your network add security and value to a successful business.
Avoid becoming a statistic in the next data breaches report by learning how see your baseline traffic.
Download, How to Determine Your Baseline Traffic, by Tim O'Neill, for a step-by-step guide with typical measurements and screen shots.