HP has sponsored a new edition of the Ponemon study of crime commited via computers. The results are trending in the direction everyone expects: upward, with cyber-crime now topping $11 million per typical breach in the US. The chart above tracks the frequency of the type of crime committed. Malware, viruses, worms and trojans are on just about every company's report. Where the cyber-attack takes place -- the location of the webserver -- makes a difference in the cost of the breach.
We found that US companies are much more likely to experience the most expensive types of cyber attacks, which are malicious code, denial of service and web-based incidents. Similarly, Australia is most likely to experience denial of service attacks. In contrast, German companies are least likely to experience malicious code and botnets. Japanese companies are least likely to experience stolen devices and malicious code attacks.
HP worked hard in the late 1990s to establish Web server capability for the HP 3000 and MPE/iX. At first there was a product for sale from HP. A few years later, with little success of selling it, HP gave it away as part of the MPE/iX Fundamental Operating System. But even in FOS, serving web pages never caught on. Web page services, of course, are the top way to distribute malware, bots and other costly disruptors.
In a way, the lack of a Web capability has made the HP 3000 one of the least-attacked environments. But even a 3000 connected to the Internet in any way is susceptible to a hack. It's just tougher to steal something worth fencing, plucked out of an OS built with a ring of privilege at its heart. Not impossible, never. Because like the Ponemon report says, the most costly cyber-crime happens from within datacenter operations.
The report, which HP has sponsored for several years, calls those attacks from within "malicious insiders." They're the most costly of all kinds of cyber-attacks, based on 234 companies that Ponemon has surveyed. But the second- and third-most costly kinds of attacks are unlikely to be unleashed on MPE/iX systems: Denial of Service (DOS) and Web-based attacks.
The most expensive attacks are malicious insiders, denial of service and web-based attacks. In the context of our study, malicious insiders include employees, temporary employees, contractors and, possibly, business partners.
Detecting an attack and recovering from one make up the biggest chunk of the expense of cyber-crime. 54 percent of the cost comes from "productivity loss and direct labor." The latter segment is IT man-hours. The former might well include IT operations that need to be deferred or delayed while crime cleanup goes on. On average, a malicious insider attack takes about six weeks to recover from, according to the survey.
Software to protect computer systems from crime is complex, and according to a Network Computing article, requires significant care and feeding after it's been deployed in a company. The Ponemon report calls this software Security Intelligence Systems. Another common name for it is a Security Information and Event Management (SIEM) product. HP sells one that's well-regarded, ArcSight. Longtime HP 3000 vendor Quest Software has moved into the field with its own product.
The greatest target for cyber-crime appears to be Windows-based environments, since they're the most widely used in the world. It's also reflected in an InformationWeek study that shows Symantec's SIEM software is most-installed.
HP 3000s which are still serving credit card usage, or dealing with healthcare records, are the most likely candidates for these kinds of software solutions. The InformationWeek report said that e-commerce and HIPAA drove one out of every four SIEM deployments.
Those turn out to be some of the most likely 3000s to be used in an open-to-the-public setting, too. The costs go beyond the software's expense, of course.
Many SIEM products are expensive, but the full cost isn’t just the software or hardware. These products require extensive system integration to realize their potential. That means you must account for staff hours (or pay consultants) for installation and configuration, as well as integration with other products. SIEM products rely on databases for event and log analysis, which means database administrator resources must also be considered, not only for the ini- tial configuration of the product but also on- going maintenance and tuning. And of course, IT and security teams will need to be trained to use the product. These factors af- fect your total SIEM cost. As one respondent said, “Total cost of acquisition and operating is elusive. When you purchase a SIEM solution, the work is just beginning."
Return on investment for deploying security intelligence is small, at 21 percent. But the cost is reasonable compared to the attack's aftermath -- company reputation, fines and restitution. Ponemon's survey said
Companies deploying security intelligence systems experienced a substantially higher ROI at 21 percent than all other technology categories presented. Also significant are the estimated ROI results for companies that extensively deploy encryption technologies and advanced perimeter controls.
Most 3000s have a perimeter to defend, if nothing else. Keeping a system useful means putting it on a network, and any outside-facing network is going to require defense. If numbers from an outside source can be useful in getting funded for this kind of defense, Ponemon summed up the take-aways.
- Cyber crimes are costly. We found that the average annualized cost of cyber crime for 234 organizations in our study is $7.2 million per year, with a range of $375,387 to $58 million. This represents an increase in cost of 30 percent from the consolidated global results of last year’s cyber cost study.
- Cyber attacks have become common occurrences. The companies in our study experienced 343 successful attacks per week and 1.4 successful attacks per company per week. This represents an increase of 20 percent from last year’s successful attack experience. Last year’s study reported 262 successful attacks on average per week.
- The most costly cyber crimes are those caused by malicious insiders, denial of service and web-based attacks. Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, application security testing and enterprise governance, risk management and compliance (GRC) solutions.
Many smaller companies use HP 3000s, and Ponemon's research shows that this size of organization seems to be most susceptible to the kind of attack rarely seen on an MPE/iX system.
Smaller organizations (below the median of enterprise seats) experience a higher proportion of cyber crime costs relating to viruses, worms, trojans, phishing, malware and botnets. In contrast, larger organizations (above the median) experience a higher proportion of costs relating to denial of services, malicious insiders, web-based attacks, stolen devices and malicious code.