
Measuring the high costs of web malware protection

Mon 5 Sep 2016

A ransomware attack is terrible for consumers, employees and businesses – and you can put a price tag on recovery. 

According to an FBI report from April 2016, as reported by CNN, “Cyber-criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers.” A typical ransomware demand might be $10,000 or more; Hollywood Presbyterian Medical Center, for example, forked over $17,000 in February.

Just as importantly, the costs of recovering from a ransomware or other cyberattack are well understood, but how much should an organization spend to prevent one in the first place?

CEOs and others accept that they have to invest in cyber-protection. The bad news is that it is difficult to judge whether they are spending wisely rather than overspending out of fear. The good news is that there are ways to spend smarter, getting a better security posture while also reducing expenditures. Let’s get into that shortly, but first, let’s look at one of the biggest attack surfaces facing modern businesses: websites that can deliver malware, including ransomware.

How the web can wreak havoc

Websites are one of the most common malware vectors (along with malicious emails) that can provide the entry point to many other types of hack attacks. Block access to the web, and you’ve made a dent in overall cybersecurity risks.

There are more than 550 million malware variants, reports AV-TEST, with more than 390,000 new malicious programs being identified every day. There are multiple ways malware gets into an end-user’s computer – and from there, the malware might have unfettered access to everything on that computer and other resources on the business network.

In many cases the end user did absolutely nothing wrong, but became infected anyway. Blocking access to uncategorized sites reduces the chances of malware infection, but introduces a number of problems and hidden costs, such as more help-desk tickets.

The problems with allowing access to uncategorized sites

  • Risk: The risk of malware from allowing access to uncategorized sites is significant. A large Fortune 50 financial services institution tasked its security research team to analyze the sources of malware infections for 3 months. Their internal report showed that more than 60% of the infections were from uncategorized sites. These infections are costly given that a large enterprise can spend an average of almost 600 hours each week on malware containment. Considering $82 per SOC-engineer-hour × 52 weeks × 600 hours per week, that’s more than $2.5M spent annually on that one task.
  • Cost of sanitizing infected machines: Sanitizing infected machines can be quite costly. A large service provider in Asia was forced to re-image an average of eight end-point devices each week because they no longer believed they could successfully disinfect machines using traditional antivirus solutions. An internal analysis showed that this practice cost them US $3-4 million per year in IT and productivity loss.
  • SOC costs: Allowing uncategorized sites means more security alerts. In Japan, and in most regulated industries across the globe, every alert from every security product has to be fully analyzed for possible endpoint compromise. According to the Ponemon Institute, two-thirds of the time spent by security staff responding to malware alerts is wasted because of faulty intelligence. It costs organizations an average of $1.27 million annually in time wasted responding to erroneous or inaccurate malware alerts.
  • SOC turnover: The average employment term of SOC engineers is roughly a year, after which they resign due to alert fatigue – that is, they are simply overwhelmed by the repetitive work of responding to all those security alarms. Recruiting costs in this area are high, as it is increasingly difficult to hire qualified SOC engineers. This is because fresh graduates are more inclined to build apps than to learn security and forensics, a career path with a steep learning curve and a high degree of expertise required to make sense of the complexities.

Consider a base salary of $170,000 and the typical 25% recruiting cost to fill those jobs. With a conservative 40% turnover rate within a 5-person team, the recruitment cost alone is $85,000 per year. If you also consider the opportunity cost of two existing SOC engineers spending 25% of their time training two new employees, that adds another $85,000 per year. Combine these, and the total annual turnover cost is $170,000.
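The containment and turnover figures above follow from a handful of inputs. The model below is an added example (not the author's or Menlo Security's tooling) that makes those inputs explicit, using only the numbers the article states, so a practitioner can substitute their own rate, team size and turnover and see which assumption drives the result.

```python
"""Cost model for the figures in the article (added example).

Every default is a number quoted in the article; nothing else is assumed.
"""


def containment_cost(hourly_rate=82.0, hours_per_week=600, weeks=52):
    """Annual malware-containment labour cost: rate x hours/week x weeks."""
    return hourly_rate * hours_per_week * weeks


def uncategorized_share(total_cost, share=0.6):
    """Portion of a cost attributable to uncategorized sites, using the
    article's figure that >60% of infections came from such sites."""
    return total_cost * share


def turnover_cost(base_salary=170_000, team_size=5, turnover_rate=0.4,
                  recruiting_fraction=0.25, trainers=2,
                  trainer_time_fraction=0.25):
    """Annual SOC turnover cost, split into its two components.

    recruiting: replacements x recruiting fee (fraction of salary)
    training:   existing engineers x share of their time (at salary)
    """
    replacements = team_size * turnover_rate
    recruiting = replacements * recruiting_fraction * base_salary
    training = trainers * trainer_time_fraction * base_salary
    return {
        "replacements": replacements,
        "recruiting": recruiting,
        "training": training,
        "total": recruiting + training,
    }


def summary():
    """Headline figures as the article derives them."""
    containment = containment_cost()
    turnover = turnover_cost()
    return {
        "containment_annual": containment,
        "containment_from_uncategorized": uncategorized_share(containment),
        "turnover_annual": turnover["total"],
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name:32s} ${value:,.0f}")
```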

The problems with denying uncategorized sites

Number of trouble tickets: Denying uncategorized sites creates an overwhelming number of recategorization requests. For a global investment firm, the number of tickets to recategorize per day was approximately 2000 across 250,000 employees. More than 75% of these requests were non-work related, such as veterinarian research, schools and soccer little league. With more than 5 dedicated people parsing through the requests, the issue was frustrating and expensive, costing approximately $850,000 per year.

Recategorization experts: Recategorization is a manual process. A European insurance provider and a large Japanese manufacturer were inundated with such requests when they began blocking access to uncategorized sites. The issue was compounded by the fact that their secure web gateway could not help them determine the security posture of the sites in question.

The organizations had 16 and 5 security analysts respectively dedicated to analyzing sites before recategorization. Another global financial services firm had a staff of 20 around the world to, in their own words, “recreate the Yahoo index.” Even with a conservative SOC staff of 5, this team cost an enterprise over $3 million annually.

Looking at it another way: Blocking uncategorized sites prevents users from accessing legitimate content, which compromises productivity, and generates requests for re-classification of blocked content. Meanwhile, allowing access to uncategorized sites means more malware and phishing attacks reach users, which can lead to breaches and significant losses via data theft and fraud. In addition to user issues, it is very costly (often impossible) for IT staff to chase all alerts generated by unclassified sites, resulting in high costs and reduced security. You just can’t win with a traditional approach.

A more effective strategy: Isolation

Isolation technology, by its nature, doesn’t open websites on the end-user desktop, notebook or mobile device, but rather in a secure virtual container on a cloud-based platform. The end user interacts with the site through technology that renders a user experience indistinguishable from direct access. By executing sessions away from the endpoint and delivering only safe rendering information to devices, users are protected from malware and malicious activity.

Malware has no path to reach an endpoint, and legitimate content needn’t be blocked in the interest of security. Administrators can open up more of the Internet to their users while simultaneously eliminating the risk of attacks.

Isolation puts an end to this costly no-win situation:

  • Risk: No active web content reaches the endpoint, so uncategorized sites present zero risk.
  • Cost of sanitizing infected machines: Isolation eliminates the web as a malware threat vector, drastically reducing the number of machines to be reimaged. It also reduces the urgency around patching machines for every browser and plug-in vulnerability.
  • SOC costs: Isolation stops threats before they are detected by traditional solutions, eliminating erroneous or inaccurate malware alerts.
  • SOC turnover: Alert fatigue is minimized, along with SOC staff turnover.
  • Number of trouble tickets: Employees are more productive and are now free to safely explore the web without submitting recategorization requests.

Meanwhile, no software needs to be installed on the end-user’s desktop, notebook or mobile devices – not only saving IT time and money, but also eliminating concerns about keeping end-user software up-to-date.

With more than 550 million malware variants, and hundreds of thousands of new malware being discovered every day, the traditional approach to malware detection has many hidden costs – in time, in talent, and in staffing, as well as the cost of buying and maintaining security products.

Article by Kowsik Guruswamy, Menlo Security chief technology officer. 
