sb-nz logo
Story image

Survey finds businesses stung with $16m hidden cybersecurity costs every year

09 Feb 2018

Organisations around the world are being blindsided every year with the hidden costs of reactive, detection-based security.

Bromium has released the findings from a new independent global report that reveal the spiralling hidden costs, as the initial upfront licensing and deployment investment in security detection tools like anti-virus is completely dwarfed by the human cost of actually managing and assessing the millions of alerts and false-positive threat intelligence generated.

Staggeringly, the report found the average annual cost to maintain detect-to-protect endpoint security is around US$16.7 million per enterprise.

“Detection requires a patient zero – someone must get owned and then protection begins. Yet, because of this, rebuilds are unavoidable; false positives balloon; triage becomes more complex and emergency patching is increasingly disruptive,” says Bromium CEO Gregory Webb.

The data comes from a survey of 500 CISOs within enterprises around the world that is part of a wider report (The Hidden Costs of Detect-to-Protect), with the key findings including:

  • The average annual cost to maintain detect-to-protect endpoint security is $16,714,186, per enterprise
  • Organisations invest $345,300 per year on detect-to-protect security tools, but this cost is minimal compared to the hidden human costs
  • SOC teams receive over 1M alerts every year, but 75 percent are false positives
  • SOC teams spend 413,920 hours per year triaging alerts, an additional 2,448 hours rebuilding compromised machines, and 780 hours on emergency patching
  • All-together, that’s 417,148 hours per year, resulting in an annual labour cost of $16,368,886, per enterprise

“It’s no surprise that 63 percent of the CISOs we surveyed said they’re worried about alert fatigue. Our customers tell us their SOC teams are drowning in alerts, many of which are false positives, and they are spending millions to address them,” says Webb.

“Meanwhile, advanced malware is still getting through because cyber criminals are focusing on the weak spots like email attachments, phishing links and downloads. This is why organisations must consider the total cost of ownership when making security investments, rather than just following the detect-to-fail crowd.”

It’s encouraging to see organisations are investing in multiple security layers to defend against hackers, with the research finding on average enterprises are annually investing $159,220 on advanced threat detection, $44,200 on next-generation and traditional anti-virus, $29,540 on whitelisting and blacklisting, and $112,340 on detonation environments.

However, Webb asserts these technologies are all dependent on detection first and therefore are fundamentally flawed as they only stop the known.

The answer, Webb says, is application isolation as provides the last line of defence in the new security stack and is the only way to tame the spiralling labour costs that result from detection-based solutions.

“Application isolation allows malware to fully execute, because the application is hardware isolated, so the threat has nowhere to go and nothing to steal. This eliminates reimaging and rebuilds, as machines do not get owned,” Webb says.

“It also significantly reduces false positives, as SOC teams are only alerted to real threats. Emergency patching is not needed, as the applications are already protected in an isolated container. Triage time is drastically reduced because SOC teams can analyze the full kill chain.”

To avoid being stung by the hidden costs, Webb says there are a number of questions CISOs should be asking during evaluations, such as:

  • Where are most of the attacks happening?
  • Are advanced threats getting through current defences?
  • Is employee productivity negatively impacted by current security measures?
  • How many alerts are being generated? Of those, how many are false positives?
  • Is it likely that machines will still get compromised and need to be rebuilt?
Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More
Story image
APAC organisations struggle to find balance between digital adoption and cybersecurity
Organisations in the Asia Pacific (APAC) region are significantly concerned about security threats, but nevertheless are looking to advance operations through digital adoption.More
Story image
Trend Micro receives AWS Outposts Ready designation
rend Micro solutions are now fully and demonstrably capable of integrating with Outposts deployments.More
Story image
NortonLifeLock introduces dark web monitoring to its security suite
Dark Web Monitoring Powered by LifeLock will be capable of monitoring the dark web, searching for over 120 personal identifiable information including email, physical address, phone number, driver licence number, credit card or bank account numbers and gamer tags.More
Story image
Emotet malware is on a rampage after months of silence
CERT agencies around the world are reporting a surge in cyber attacks related to the Emotet malware, which is being distributed by email.More