The cost of Cybercrime 1 Steve Lamb Regional Marketing Manager – EMEA, Enterprise Security...


The cost of Cybercrime
Steve Lamb, Regional Marketing Manager – EMEA, Enterprise Security Products
Twitter: actionlamb

Key Primary Research:
Cyber Risk Report 2015
Ponemon Cost of Cyber Crime Study 2014
Zero Day Initiative
HP Internal Research

Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Average time to detect breach: 243 days
[Timeline graphic: March 2014 to March 2015]
of breaches occur at the application layer
of breaches are reported by a 3rd party
Since 2010, time to resolve an attack has grown
Average time bad guys are inside before detection

Number of seats in the UK sample

Industry Sector of participants in the UK sample

Average cost of cyber crime was 3.56 million per year per organisation
Up 17% YoY
Range was 0.545m - 14m

Average time to resolve a cyber attack was 26 days
Average cost of resolution was 256k

Average time to contain a malicious insider was 70 days!

Business disruption accounted for 47% of external costs

Recovery and detection accounted for 54% of internal activity cost

Security Intelligence Systems led to average savings in excess of 1.1m per organisation per year

Reduction in cost of cyber crime per org per annum based on enabling tech

Enterprise Security Governance Practices reduced average breach costs by 621k per annum

Research: Top concerns for IT executives
Chart values: 67%, 66%, 63%, 54%
Legend: Extremely concerned, Somewhat concerned, Not very concerned
Data privacy and information breaches
Lack of skilled resources to effectively manage security
Risk associated with more consumption of apps/IT services across public, private & hybrid cloud
Risk associated with more consumption of apps/IT services
Source: HP 20:20 CIO Report, 2012
Focus: Security Breach Management
Focus: Security Intelligence
Focus: Cloud Security
Focus: Integrated GRC

Worldwide Security Trends & Implications
Cyber threat: 56% of organizations have been the target of a cyber attack
Extended supply chain: 44% of all data breaches involved third-party mistakes
Financial loss: $8.6M average cost associated with data breach
Cost of protection: 8% of total IT budget spent on security
Reputation damage: 30% market cap reduction due to recent events
Reactive vs. proactive: 60% of enterprises spend more time and money on reactive measures vs. proactive risk mgmt
Source: HP internal data, Forrester Research, Ponemon Institute, Coleman Parkes Research

Key Finding #1
Well-known attacks are still commonplace.

Old vulnerabilities still going strong
The Zero Day Initiative team coordinated the disclosure and remediation of 400+ new high-severity vulnerabilities in 2014

Key Finding #2
Misconfigurations are still a significant problem

Misconfigurations are too common

Key Finding #3
Newer technologies such as mobile and the Internet of Things introduce new avenues of attack.

(IoT) devices averaged 25 vulnerabilities per product, indicating expanding attack surface for adversaries
2014 was the year of malware attacks targeting point-of-sale (POS) systems

Key Finding #4
Determined adversaries are getting more sophisticated.

Key Finding #5
Complementary protections fill out coverage.

1. Invest in people and processes

2. Align with business

3. Build in and share actionable threat intelligence

Thank you.