Cyber Security Begins with A Plan

The frequency of online attacks against U.S. business continues to increase, along with the cost of defending against those attacks and mitigating any resulting data breaches. Cyber crime now costs a U.S. business $8.9 million per year, an increase of 6% from 2011 and 38% from 2010. Those findings come from the “2012 Cost of Cyber Crime Study,” which was sponsored by security intelligence tool vendor HP and released Monday (10/8/2012) by Ponemom Institute. The businesses profiled in the study also reported that on average, they’re collectively seeing 102 successful attacks per week, up 72 attacks per week in 2011 and 50 attacks per week in 2010.

The average breach costs $214 per record compromised; another cost factor is that it’s taking businesses longer to respond to security breaches. On average, it now takes a business 24 days to spot and resolve an attack, although some cleanup operations extended to 40 days. On average, each cleanup cost $592,000, a 42% increase from the average reported in 2011 of $416,000. (Ponemon Institute and Hewlett Packard- 2013).

Cyber Security begins with a plan. This plan should be developed based on the requirements and risk of protecting third party Non Public Information (NPI). Requirements are driven by federal, state and self-regulatory organizations (SRO) representing the best practices and minimum techniques used to protect NPI and the account of its use. Risk is the harm lost NPI can do to an individual, family or company when used to conduct crime.

Cyber crime can fall into two categories, Active and Passive Cyber crime. Active is when the crime attacks a target directly. Identity thief, credit card fraud, processing platform takeover and website shut downs. Passive attacks listen to the party line (Internet) to collect information which is not public, intercepting executive communications on financial decisions, intellectual property, legal strategies or summarized as “the stock tip.”