Survey finds businesses stung with $16m hidden cybersecurity costs every year

09 Feb 2018

Organisations around the world are being blindsided every year with the hidden costs of reactive, detection-based security.

Bromium has released the findings of a new independent global report that reveals these spiralling hidden costs. The initial upfront licensing and deployment investment in security detection tools such as anti-virus is completely dwarfed by the human cost of actually managing and assessing the millions of alerts and false-positive threat intelligence those tools generate.

Staggeringly, the report found the average annual cost to maintain detect-to-protect endpoint security is around US$16.7 million per enterprise.

“Detection requires a patient zero – someone must get owned and then protection begins. Yet, because of this, rebuilds are unavoidable; false positives balloon; triage becomes more complex and emergency patching is increasingly disruptive,” says Bromium CEO Gregory Webb.

The data comes from a survey of 500 CISOs within enterprises around the world that is part of a wider report (The Hidden Costs of Detect-to-Protect), with the key findings including:

  • The average annual cost to maintain detect-to-protect endpoint security is $16,714,186 per enterprise
  • Organisations invest $345,300 per year on detect-to-protect security tools, but this cost is minimal compared to the hidden human costs
  • SOC teams receive over 1M alerts every year, but 75 percent are false positives
  • SOC teams spend 413,920 hours per year triaging alerts, an additional 2,448 hours rebuilding compromised machines, and 780 hours on emergency patching
  • Altogether, that’s 417,148 hours per year, resulting in an annual labour cost of $16,368,886 per enterprise

“It’s no surprise that 63 percent of the CISOs we surveyed said they’re worried about alert fatigue. Our customers tell us their SOC teams are drowning in alerts, many of which are false positives, and they are spending millions to address them,” says Webb.

“Meanwhile, advanced malware is still getting through because cyber criminals are focusing on the weak spots like email attachments, phishing links and downloads. This is why organisations must consider the total cost of ownership when making security investments, rather than just following the detect-to-fail crowd.”

It’s encouraging to see that organisations are investing in multiple security layers to defend against hackers: the research found that, on average, enterprises annually invest $159,220 on advanced threat detection, $44,200 on next-generation and traditional anti-virus, $29,540 on whitelisting and blacklisting, and $112,340 on detonation environments.

However, Webb asserts that these technologies all depend on detection first and are therefore fundamentally flawed, because they only stop known threats.

The answer, Webb says, is application isolation, as it provides the last line of defence in the new security stack and is the only way to tame the spiralling labour costs that result from detection-based solutions.

“Application isolation allows malware to fully execute, because the application is hardware isolated, so the threat has nowhere to go and nothing to steal. This eliminates reimaging and rebuilds, as machines do not get owned,” Webb says.

“It also significantly reduces false positives, as SOC teams are only alerted to real threats. Emergency patching is not needed, as the applications are already protected in an isolated container. Triage time is drastically reduced because SOC teams can analyze the full kill chain.”

To avoid being stung by the hidden costs, Webb says there are a number of questions CISOs should be asking during evaluations, such as:

  • Where are most of the attacks happening?
  • Are advanced threats getting through current defences?
  • Is employee productivity negatively impacted by current security measures?
  • How many alerts are being generated? Of those, how many are false positives?
  • Is it likely that machines will still get compromised and need to be rebuilt?