IDC just published an infographic on how credentials are abused by cyber criminals. These are interesting and important statistics:

  • 80% of companies will suffer at least one successful attack causing serious harm that requires remediation
  • 33% will not be able to prevent over half of the attacks

These stats explain why many security experts are advising companies to shift their security spending to detection mechanisms instead of relying too heavily on prevention.

Measuring incident cost versus breach cost provides a great business case for more efficient incident detection and response

IDC takes a different approach to measuring the financial impact of these attacks than the widely cited Ponemon studies. While Ponemon looks only at the cost of public breaches, IDC looks at the behind-the-scenes costs of security incidents that may not always require public disclosure.

On average, companies have 185 security incidents a year (that's about one every other day), incurring a total cost of $1.3 million even if a company doesn't have to disclose a major breach. If it does, the much higher Ponemon numbers come into play; the Ponemon studies also track only companies of 1,000 users and more.

In other words, simply being 30% more efficient at incident detection and investigation would save these companies $400,000 per year. For security professionals looking to convince their management of the value of investing in such technologies, this is a great number to build their business case on.

For example, spending $150,000 on a new incident detection and investigation solution can save the business $250,000 per year, on average. Tools that increase productivity by more than 30% can yield even better results.

Rapid7 UserInsight, for example, has helped a large organization with tens of thousands of users reduce their incident investigation by 80%. Using IDC's estimate, this gives them a savings of $1.04 million per year (80% of IDC's $1.3 million average), a very worthwhile return on their investment.

65% of attacks go unnoticed for weeks, days or months

IDC also expects the impact of security incidents to increase as more business functions store data in the cloud. In addition, more employees are using consumer-grade cloud services to store their corporate data. As a result, incident detection and investigation should extend beyond your local network and include cloud services, so that compromised credentials on cloud services are spotted before significant damage can occur.

Detection and remediation time also impacts the cost to IT. 65% of attacks go unnoticed for weeks, days or months – time during which the attacker can go deeper into the organization, causing more damage and making the clean-up work much harder and therefore more costly. That's why 73% of attacks take weeks or months to remediate. Detecting attacks earlier and enabling faster reaction times through efficient investigation not only saves time and money during the investigation but also reduces the amount of mess that incident responders and other parts of the business need to clean up.

Many companies worried about insider threats

37% of companies believe that serious threats originate from their own ranks, particularly contractors and temporary staff, remote employees, technical staff, and IT administrators. Security analytics solutions such as Rapid7 UserInsight can help identify malicious insiders by baselining their behavior across many variables and detecting outliers, in other words, spotting suspicious behavior.

If you'd like to check out UserInsight, please schedule a free guided UserInsight demo on the Rapid7 website.

Also check out part 2 of the commentary on the IDC infographic on compromised credentials.