SDN Journal Authors: Pat Romanski, Elizabeth White, Yeshim Deniz, Destiny Bertucci, Liz McMillan

Related Topics: Cloud Security, Java IoT, Microservices Expo, Agile Computing, @CloudExpo, SDN Journal

Cloud Security: Article

Network-Based Attacks: How Much Can They Cost You?

Techniques and resources for IT managers to develop their own cost model

Every business acknowledges that network security is critical. But how do you quantify the business value that a secure network provides? And how does an enterprise evaluate and justify investing in network security products like next-generation firewalls, intrusion prevention systems and unified threat management appliances?

While there is no exact formula or "cost of attacks" calculator, there are some useful guidelines and research studies that can provide techniques and resources for IT managers to develop their own cost model. There are three core areas that are important for assessing the impact of network-based attacks and the "prevention value" of next-generation firewall technologies:

  • Defining the different types of network-based attacks
  • Understanding how those attacks can affect your bottom line
  • Methods of quantifying the impact of those attacks

Types of Network-Based Attacks
There are hundreds of types of network-based attacks that can damage an organization. The most common forms include:

  • Viruses, Trojans, worms and other malware that can shut down servers and workstations, or steal data.
  • Advanced persistent threats designed to penetrate networks and surreptitiously steal intellectual property and confidential information.
  • Distributed denial-of-service (DDoS) and flooding attacks that can overwhelm servers and shut down web sites.

How Network-Based Attacks Can Affect Your Bottom Line
This is where it hurts - attacks cause two major categories of harm, regardless of the source: data breaches and loss of service.

Data breaches are always a topic of sensational news coverage, as they result in confidential information being captured and surreptitiously removed out of the organization into the hands of criminals or competitors.

The damage caused by data breaches is visible and very painful. They can be financial (lost revenue, legal and regulatory costs, lawsuit awards and fines) "soft" costs (loss of customer goodwill and loyalty) and loss of competitiveness (through loss in intellectual property). Companies that have suffered data breaches spend an inordinate amount of time and money in detection and technical remediation costs identifying and blocking attacks as well as assessing damage and putting corrective measures in place. In addition, the negative publicity over a data breach lasts far beyond the attack itself.

Denial-of-service attacks result in computer systems - workstations as well as web, application or database servers - being degraded or completely disabled.

The damages in this scenario can also be catastrophic. Commerce slows to a crawl or stops altogether, so revenue is directly impacted. Day-to-day processes are interrupted or employees cannot do their jobs because the network is down.  As with data breaches, there's a real cost associated with IT and support staff having to diagnose problems, coach employees, restart services and re-image PCs.

How to Estimate the Costs?
There is no one-size-fits-all cost model.

Two independent sources that can help IT quantify the impact of network-based attacks can be found in a March, 2012 study from Ponemon Institute, and the NetDiligence® Cyber Liability & Data Breach Insurance Claims Study published in October, 2012.

The Ponemon Institute conducted in-depth interviews late in 2011 with 49 U.S. companies in 14 industries that had experienced the loss or theft of customers' personal data. Some of the key findings:

  • The average total cost of a data breach: $5.5 million.
  • Lost revenue per breach: $3 million
  • Post-data breach costs: $1.5 million (everything from help desk, remediation, customer discounts and more)

The per-record figures - which are based on fairly large quantities (typically 100,000+ records) - can give IT managers at least some sense of the cost associated with data breaches, scaled to the size of the enterprise and the number of threats typically faced.

The NetDiligence study analyzed published a study of 137 events between 2009 and 2011 that resulted in insurance companies making payouts on cyber liability claims. Average payouts:

  • Legal settlement per event: $2,100,000
  • Legal defense per breach $582,000
  • Total average insurance payout costs per event: $3.7 million

While these two studies measure different elements of the costs associated with network attacks, they are consistent in one sense - both illustrate just how costly network attacks really are to a company's bottom line, its reputation and its ability to compete.

Beyond these numbers, there are some back-of-the envelope calculations that can help justify the investment needed for next-generation network firewall technologies:

  • The revenue loss for every hour your web site is down or significantly impaired because of a DDoS attack.
  • The productivity loss for every hour a key business process is down because of malware disabling the server.
  • The hourly rate for help desk personnel to diagnose malware infections on PCs and for the support group to re-image infected PCs.
  • The cost per record for notifying customers or employees in the event of a data breach and providing credit monitoring services to them for a year.

Two additional techniques may be helpful in estimating the costs of attacks. Some organizations have created detailed estimates of possible future ramifications by conducting "war game" simulations. These involve gathering a cross-section of company staff from IT, marketing, HR, legal and other functions, and running through an attack scenario. These exercises not only help quantify costs, but often turn up unexpected effects - for example, contractual obligations or the regulatory impact of data breaches.

Taking Action
How does this all net out for IT managers? The bad news: network attacks are costly, disruptive, potentially catastrophic on many levels and should be avoided at all costs. The good news: there is a rich tool and service set available to help understand exactly how data breaches and loss-of-service attacks can affect your company's bottom line. By comparing these costs with the preventative costs of next-generation protection technologies you are better armed and prepared to understand and articulate the financial and strategic value of increasing investment in securing your company's network. This is not just an academic exercise, it is a business imperative.

More Stories By Patrick Sweeney

Patrick Sweeney has over 20 years experience in high tech product management, product marketing, corporate marketing and sales development. Mr. Sweeney is Dell SonicWALL’s Executive Director, Product Management, where he oversees its Network Security, Content Security, Business Continuity and Policy & Management product lines. Previous positions include Vice President of Worldwide Marketing, Minerva Networks, Senior Manager of Product Marketing & Solutions Marketing for Silicon Graphics Inc, Director of Worldwide Sales & Marketing for Articulate Systems, and Senior Product Line Manager for Apple Computer. Mr. Sweeney holds an MBA from Santa Clara University, CA.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

@CloudExpo Stories
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of bus...
Cloud Expo | DXWorld Expo have announced the conference tracks for Cloud Expo 2018. Cloud Expo will be held June 5-7, 2018, at the Javits Center in New York City, and November 6-8, 2018, at the Santa Clara Convention Center, Santa Clara, CA. Digital Transformation (DX) is a major focus with the introduction of DX Expo within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive ov...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
@DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises - and delivering real results.
The dynamic nature of the cloud means that change is a constant when it comes to modern cloud-based infrastructure. Delivering modern applications to end users, therefore, is a constantly shifting challenge. Delivery automation helps IT Ops teams ensure that apps are providing an optimal end user experience over hybrid-cloud and multi-cloud environments, no matter what the current state of the infrastructure is. To employ a delivery automation strategy that reflects your business rules, making r...
DXWorldEXPO LLC announced today that Dez Blanchfield joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Dez is a strategic leader in business and digital transformation with 25 years of experience in the IT and telecommunications industries developing strategies and implementing business initiatives. He has a breadth of expertise spanning technologies such as cloud computing, big data and analytics, cognitive computing, m...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
DXWorldEXPO LLC announced today that Kevin Jackson joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Kevin L. Jackson is a globally recognized cloud computing expert and Founder/Author of the award winning "Cloud Musings" blog. Mr. Jackson has also been recognized as a "Top 100 Cybersecurity Influencer and Brand" by Onalytica (2015), a Huffington Post "Top 100 Cloud Computing Experts on Twitter" (2013) and a "Top 50 C...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
Digital transformation is about embracing digital technologies into a company's culture to better connect with its customers, automate processes, create better tools, enter new markets, etc. Such a transformation requires continuous orchestration across teams and an environment based on open collaboration and daily experiments. In his session at 21st Cloud Expo, Alex Casalboni, Technical (Cloud) Evangelist at Cloud Academy, explored and discussed the most urgent unsolved challenges to achieve fu...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Daniel Jones is CTO of EngineerBetter, helping enterprises deliver value faster. Previously he was an IT consultant, indie video games developer, head of web development in the finance sector, and an award-winning martial artist. Continuous Delivery makes it possible to exploit findings of cognitive psychology and neuroscience to increase the productivity and happiness of our teams.
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Evan Kirstel is an internationally recognized thought leader and social media influencer in IoT (#1 in 2017), Cloud, Data Security (2016), Health Tech (#9 in 2017), Digital Health (#6 in 2016), B2B Marketing (#5 in 2015), AI, Smart Home, Digital (2017), IIoT (#1 in 2017) and Telecom/Wireless/5G. His connections are a "Who's Who" in these technologies, He is in the top 10 most mentioned/re-tweeted by CMOs and CIOs (2016) and have been recently named 5th most influential B2B marketeer in the US. H...