Flipping the economics of attacks

How much does it cost technically proficient adversaries to conduct successful attacks, and how much do they earn? The research study from Ponemon Institute, commissioned by Palo Alto Networks, looks at the relationships between the time spend and compensation of today’s adversaries and how organisations can thwart attacks.

As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.

In this study, we surveyed 304 threat experts in the United States, United Kingdom and Germany. We built this panel of experts based on their participation in Ponemon Institute activities and IT security conferences. They were assured their identity would remain anonymous. Twenty-one percent of respondents say they are very involved, and 79 percent of respondents are involved in the threat community. They are all familiar with present-day hacking methods.

Attackers are opportunistic. Adversaries go after the easiest targets first. They won’t waste time on an attack that will not quickly result in a treasure trove of high-value information, according to 72 percent of respondents. Further, attackers will quit when the targeted company has a strong defense, according to 69 percent of respondents.

Cost and time to plan and execute attacks are decreasing. According to 53 percent of respondents, the total cost of a successful attack has decreased, driving even more attacks across the industry. Similarly, 53 percent of respondents say the time to plan and execute an attack has decreased. Of these 53 percent of respondents who say it takes less time, 67 percent agree the number of known exploits and vulnerabilities has increased, 52 percent agree attacker skills have improved and 46 percent agree hacking tools have improved.

Increased usage of low-cost and effective toolkits drives attacks. Technically proficient attackers are spending an average of $1,367 for specialised toolkits to execute attack. In the past two years, 63 percent of respondents say their use of hacker tools has increased and 64 percent of respondents say these tools are highly effective.

Time to deter the majority of attacks is less than two days. The longer an organisation can keep the attacker from executing a successful attack the stronger its ability to safeguard its sensitive and confidential information. The inflection point for deterring the majority of attacks is less than two days (40 hours) resulting in more than 60 percent of all attackers moving on to another target.

Adversaries make less than IT security professionals. On average, attackers earn $28,744 per year in annual compensation, which is about one-quarter of a cybersecurity professional’s average yearly wage.

Organisations with strong defenses take adversaries more than double the time to plan and execute attacks. The average number of hours a technically proficient attacker takes to plan and execute an attack against an organisation with a ‘typical’ IT security infrastructure is less than three days (70 hours). However, when the company has an ‘excellent’ IT infrastructure the time doubles to an average of slightly more than six days (147 hours).

Threat intelligence sharing is considered the most effective in preventing attacks. According to respondents, an average of 39 percent of all hacks can be thwarted because the targeted organisation engaged in the sharing of threat intelligence with its peers.

Investments in security effectiveness can reduce successful attacks significantly. As an organisation strengthens its security effectiveness, the ability to deter attacks increases, as shown in this report. The following are recommendations to harden organisations against malicious actors:

Create a holistic approach to cyber security, which includes focusing on the three important components of a security programme: people, process and technology.
Implement training and awareness programmes that educate employees on how to identify and protect their organisation from such attacks as phishing.
Build a strong security operations team with clear policies in place to respond effectively to security incidents.
Leverage shared threat intelligence in order to identify and prevent attacks seen by your peers.
Invest in next-generation technology such as threat intelligence sharing and integrated security platforms that can prevent attacks and other advanced security technologies.

The economic motivation of attackers

What motivates an attacker? 69 percent of respondents in this study are motivated by money. While many attackers may be hoping for a big ‘payout,’ reality can be quite different. The findings reveal that attackers on average receive $28,744 for an average of 705 hours spent on attacks annually.
Of course, some attackers do ‘earn’ more than the average. However, this compensation is 38.8 percent less than the average hourly rate of IT security practitioners employed in the private and public sector.

Inflection point: When malicious actors call it quits

Time to deter the majority of attacks is less than two days. The survey asked respondents how much time it takes to plan and execute web-based and malicious code attacks and if the time has increased, decreased or stayed the same. The study also examines how many of these attacks are successful and when does an attacker call it quits.

The longer an organisation can keep the attacker from executing a successful attack, the stronger its ability to safeguard its sensitive and confidential information. While no organisation has unlimited resources to spend hardening itself against malicious actors, understanding the amount of time until attackers’ efforts are no longer potentially profitable will help the leadership prioritise investments in the appropriate technologies.

Time is the enemy of an attacker. The more time that passes before a successful attack can execute, the more likely an organisation can stop it. For example, a delay of five hours in conducting a successful attack deters 13 percent of attacks, a delay of 10 hours can reduce 24 percent of attacks, and 20 hours deters 36 percent of attacks. On average, a technically proficient hacker will quit an attack and move to another target after spending less than nine days without success.

Hardening the organisation against attackers

Threat intelligence sharing is considered most effective in preventing attacks. To make it more difficult to execute a successful attack, the solution is to exchange threat intelligence with peers and to invest in the appropriate technologies to strengthen an organisation’s security posture. An average of 39 percent of all hacks can be thwarted because the targeted organisation engaged in the sharing of threat intelligence with its peers. Additionally, out of all technologies available, threat intelligence sharing was cited by 55 percent of respondents as the most likely to prevent or curtail successful attacks.

It is clear the attack landscape has changed. Each day we see more successful data breaches against organisations around the globe. This study has exposed as important element of this criminal underground, which can often be missed when headlines about the next Big Data breach dominate the front page: the economic motivation of cybercriminals and how we can use this information to turn the tables on them. The findings clearly show the profit-based motivation of attackers, which means the same economic forces are at work for them as for major businesses. Adversaries are in it for the quick and easy payday, with the majority of them making far less than comparable IT security professionals.

Ponemon Institute expects the cost of attacks to continue to decrease, as attackers become more skilled and automated toolkits are improved and in widespread use, as well as other factors examined in this survey. There is another side to the cost equation though, which the security community can use to keep it safe. We can change the economics of attacks, by putting up a better defense, which takes attackers much longer to overcome.

This survey has shown how attackers will divert their attention to other targets after an increase in the time it takes to breach an organisation of less than two days. Like many businesses, adversaries are constantly weighing the potential profit versus cost, which includes the time it takes them to be successful. As a security community, we must take into account the motivation and economic environment surround attacks, not just technical solutions to the problem.

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Bybit opens global headquarters in Dubai on the heels of 50% increase in user base

DIFC Courts reinforces its commitment to sustainability following expansion of its digital infrastructure

NETSCOUT adds new data centre presence in Dubai with added Arbor Cloud Capabilities

Dubai ranks as the second most crypto-ready city in the world

LinkShadow reinforces its commitment to Saudi Arabia

Huawei Cloud’s Riyadh launch boosts Saudi tech advancement

Cisco unveils new data centre to enhance security services in Saudi Arabia

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Google Cloud announce significant new collaboration with Saudi Pharmaceuticals giant

KROHNE delivers insights to inspire the next generation of engineers in Oman

Oracle supports major project to accelerate Oman digital economy

Ooredoo accelerates cybersecurity in Oman with new deal

Omantel selects Ericsson to manage its nationwide multi-vendor networks

Oman TRA shares plans to accelerate 5G deployment

BDB launches “tijara” platform for SMEs

Bahrain achieves full nationwide 5G coverage

Batelco, SonicWall launch integrated security solutions for SMEs in Bahrain

Bahrain to offer COVID-19 test results on WhatsApp, Facebook Messenger

Infor supports Bahrain’s digital transformation

Infopercept opens its first Middle East office in Kuwait

Microsoft Compliance Manager now available in Kuwait

Commercial Bank of Kuwait gets mobile payments moving with Thales Digital Solutions

Ooredoo chooses Fortinet to deliver secure SD-WAN managed services in Kuwait

Zain rolls out first-ever 5G roaming service in MENA

Looking for the best label solutions in South Africa? Go OKI!

OKI is only going bigger in the South African market!

Huawei honours Women in Tech at Apps UP 2022

Amazon payment services launches in the MENA region

Egypt turns to AI to deliver COVID-19 diagnosis service to People of Determination

Vertiv extends partnership with MDS SI Group to enhance digital infrastructure solutions

Bosch sees 21% sales surge in the Middle East

“AI has been in Google’s DNA from the beginning – we are an AI-first company” – Tarek Khalil, Google Cloud

How companies can future-proof their business with Web3

“Diversity, equity and inclusion are a core part of our culture and values at AWS” – Yasmine Afifi

Gender Lens investing vital to economic recovery

Virgin Hyperloop unveils location for Hyperloop certification centre

TikTok taps Oracle as secure cloud provider

Zoom gets security boost with Keybase acquisition

Why collaboration is the answer to the successful roll-out of 5G

OPSWAT invests $10 Million in scholarship learning program to help close cybersecurity skills gap

Alef Education showcases the Alef Metaverse to improve climate education at COP28

Bybit and AUS unveil the tech talents of tomorrow

How digital education solutions can help students achieve their full learning potential

Seeds for the Future 2023: Huawei gathers ME & CA’s brightest ICT talent in Qatar

Middle East Energy to further boost their sustainability agenda

EDF UK selects Dynatrace to keep the power flowing

KROHNE harnessing the power of analytics to drive energy transformation

“All of us are pulling in the right direction for a better tomorrow” – Frank Janssens, VP at KROHNE

AI and advanced analytics drive sustainability and efficiency

Above and ‘Beyon’ – New Money SuperApp launched in the UAE

New cross-border payments platform Digit9 launches in the UAE

Hub71 partners with global economic transformation specialist on MENA start-up ecosystem

Spheroid Universe coin to be listed on MEXC exchange

DIFC Innovation Hub launches AccelerateHER program

Innovating Finance: UAE’s Pioneering Role in the Blockchain and Crypto Landscape

Pioneering Sharjah’s Digital Revolution

Interview: Shaping a Secure World

Dubai Chamber of Digital Economy scouts Asia for tech start-ups

Government leaders from IT sector honoured at GovTech Innovation Awards

Dubai Science Park study backs R&D localisation amid projected surge in UAE healthcare spending

MarkiTech expands GCC footprint

MoHAP Launches Health Sector’s First National Centre of Excellence for AI

Korian Benelux future-proofs residential Care with AI-driven solutions

SAS accelerates responsible innovation efforts with new collaborations

Digitalisation key to accelerating construction development in Middle East, says Trimble

R&M Introduces First Single Pair Ethernet System to Support Middle East Smart Building Trend

To ‘upsmart’ your building, start with the elevator

Renters searching for homes online surge amid coronavirus fears

Emirati tech entrepreneur launches new app to ease Dubai’s rental woes

Brands Beware: The Application Generation Demands Seamless Digital Experiences

Opinion: Brands must respond to meet heightened customer expectations

Thriwe: Enhancing the Omni-channel experience

Navigating the Festive Cyber Landscape: Ensuring Online Safety during Holiday Shopping

Celebrate the Dubai Shopping Festival with Eros Electronics’ exclusive deals

Pure introduces first external block storage for Azure VMware Solution

RUCKUS Networks launches AI-driven solutions for hospitality

Genetec announces availability of Security Center SaaS

Brands Beware: The Application Generation Demands Seamless Digital Experiences

Omnix International leads innovation and performance with its HOT systems’ laptops