Story image

Survey finds businesses stung with $16m hidden cybersecurity costs every year

09 Feb 2018

Organisations around the world are being blindsided every year with the hidden costs of reactive, detection-based security.

Bromium has released the findings from a new independent global report that reveal the spiralling hidden costs, as the initial upfront licensing and deployment investment in security detection tools like anti-virus is completely dwarfed by the human cost of actually managing and assessing the millions of alerts and false-positive threat intelligence generated.

Staggeringly, the report found the average annual cost to maintain detect-to-protect endpoint security is around US$16.7 million per enterprise.

“Detection requires a patient zero – someone must get owned and then protection begins. Yet, because of this, rebuilds are unavoidable; false positives balloon; triage becomes more complex and emergency patching is increasingly disruptive,” says Bromium CEO Gregory Webb.

The data comes from a survey of 500 CISOs within enterprises around the world that is part of a wider report (The Hidden Costs of Detect-to-Protect), with the key findings including:

  • The average annual cost to maintain detect-to-protect endpoint security is $16,714,186, per enterprise
  • Organisations invest $345,300 per year on detect-to-protect security tools, but this cost is minimal compared to the hidden human costs
  • SOC teams receive over 1M alerts every year, but 75 percent are false positives
  • SOC teams spend 413,920 hours per year triaging alerts, an additional 2,448 hours rebuilding compromised machines, and 780 hours on emergency patching
  • All-together, that’s 417,148 hours per year, resulting in an annual labour cost of $16,368,886, per enterprise

“It’s no surprise that 63 percent of the CISOs we surveyed said they’re worried about alert fatigue. Our customers tell us their SOC teams are drowning in alerts, many of which are false positives, and they are spending millions to address them,” says Webb.

“Meanwhile, advanced malware is still getting through because cyber criminals are focusing on the weak spots like email attachments, phishing links and downloads. This is why organisations must consider the total cost of ownership when making security investments, rather than just following the detect-to-fail crowd.”

It’s encouraging to see organisations are investing in multiple security layers to defend against hackers, with the research finding on average enterprises are annually investing $159,220 on advanced threat detection, $44,200 on next-generation and traditional anti-virus, $29,540 on whitelisting and blacklisting, and $112,340 on detonation environments.

However, Webb asserts these technologies are all dependent on detection first and therefore are fundamentally flawed as they only stop the known.

The answer, Webb says, is application isolation as provides the last line of defence in the new security stack and is the only way to tame the spiralling labour costs that result from detection-based solutions.

“Application isolation allows malware to fully execute, because the application is hardware isolated, so the threat has nowhere to go and nothing to steal. This eliminates reimaging and rebuilds, as machines do not get owned,” Webb says.

“It also significantly reduces false positives, as SOC teams are only alerted to real threats. Emergency patching is not needed, as the applications are already protected in an isolated container. Triage time is drastically reduced because SOC teams can analyze the full kill chain.”

To avoid being stung by the hidden costs, Webb says there are a number of questions CISOs should be asking during evaluations, such as:

  • Where are most of the attacks happening?
  • Are advanced threats getting through current defences?
  • Is employee productivity negatively impacted by current security measures?
  • How many alerts are being generated? Of those, how many are false positives?
  • Is it likely that machines will still get compromised and need to be rebuilt?
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.